Google has alerted its 2.5 billion Gmail users to take steps to secure their accounts amid rising phishing threats. Users are advised to update their passwords and activate two-factor authentication. Simple guidelines are provided at the end of this article to help safeguard accounts.
In light of a series of data breaches affecting corporate systems, Google is emphasizing the need for proactive security measures. They sent out notifications to a significant portion of their user base in late July and reiterated the warnings on August 8. Hackers, particularly a group called “Shiny Hunters,” have been intensifying phishing efforts aimed at deceiving users into revealing their login details.
Previously, it was reported that Google itself faced a breach involving Shiny Hunters.
According to Google’s findings, one of their Salesforce instances was breached in June, enabling attackers to access customer data for a brief period before the breach was contained. The data compromised was mainly general public information, like company names and contact info.
Google has referred to the attackers behind these incidents as “UNC6040” and “UNC6240.” However, BleepingComputer has confirmed that Shiny Hunters is indeed responsible. This group has a notorious reputation for a string of high-profile attacks, targeting organizations such as Powerschool, Oracle Cloud, and others.
In discussions with BleepingComputer, Shiny Hunters claimed to have breached several Salesforce instances, with the ongoing attack’s connection to Google still uncertain. They vaguely suggested a compromise of the sign company.
To help users avoid falling victim to such phishing schemes, Google strongly urges the use of two-factor authentication and recommends regularly updating passwords. They caution against relying on emails that claim “Suspicious Sign-in Prevented.” Instead, users should independently check security alerts by logging into their accounts and reviewing the “Security” section.
In May, cybersecurity researcher Jeremiah Fowler indicated that numerous compromised passwords linked to various email services and social media platforms might expose around 184 million passwords across open databases.
For users to view recent security activities, they need to log into their Google account, click the gear icon, then navigate to “Recent Security Activities” under the “Security” section. Alerts from the past 28 days, including new sign-ins, will be shown here.
To update your Gmail password, you can follow these steps:
Step 1: Log into your Google account.
Step 2: Click the gear icon in the top right corner and go to “Security.”
Step 3: Scroll to the “How to Sign in to Google” section.
Step 4: Click on “Password.”
Users can then follow the prompts to set a new password.
Activating two-factor verification is another critical measure for securing your Google account. After logging in and navigating to the “Security” section, look for the “Turn on Two-Step Verification” option under “How to Sign in to Google.” Follow the on-screen prompts to set up multi-factor authentication through methods like device PassKey, the Google Authenticator app, a linked personal phone number, or a backup code.
