'2.5 Billion Gmail Users At Risk'? Entirely False, Says Google

SOPA Images / LightRocket via Getty Images

Follow ZDNET: Add america arsenic a preferred source connected Google.

ZDNET's cardinal takeaways

• Google did not rumor a informing astir a awesome information breach.
• But hackers person been targeting Salesforce information successful nan cloud.
• Always beryllium alert for phishing and vishing attacks.

Worried astir reports that a awesome information breach has impacted your Gmail account? Well, apparently, those claims are overmuch ado astir nothing.

Also: How to encrypt immoderate email - successful Outlook, Gmail, and different celebrated services

"We want to reassure our users that Gmail's protections are beardown and effective," Google said successful a blog station connected Sunday. "Several inaccurate claims surfaced precocious that incorrectly stated that we issued a wide informing to each Gmail users astir a awesome Gmail information issue. This is wholly false."

Kernels of truth

Google did not mention immoderate circumstantial information issues that whitethorn person fueled nan rumors. But nan institution is apt referring to a caller breach that affected its cloud-based Salesforce databases.

Allegedly orchestrated by nan cybercriminal group ShinyHunters, nan incident reportedly compromised customer and institution names, triggering phishing and vishing (voice phishing) attacks. In response, reports claimed that Google advised 2.5 cardinal Gmail users to update their passwords.

Also: This caller Gmail instrumentality lets you declutter your inbox successful seconds - here's really to usage it

Though location was nary specified advisory, location are kernels of truth here. Attackers person been targeting valuable Salesforce information stored successful Google's cloud. On August 26, nan Google Threat Intelligence Group issued a informing astir a hacker who compromised OAuth information tokens related to Salesloft Drift, an AI-based chatbot that Salesforce has integrated into its system.

The phishing and vishing attacks staged by hackers are besides a existent and persistent threat. In June, Google explained how attackers are utilizing specified tactics to scam unsuspecting employees. Impersonating IT support unit and different trusted individuals, cybercriminals email aliases telephone their intended victims astatine targeted businesses to instrumentality them into granting entree to delicate information.

Google's Gmail protections artifact much than 99.9% of phishing and malware attempts from reaching users, nan institution claimed successful its blog post. But Google besides warned against unfounded rumors specified arsenic nan information alert that was attributed to nan company.

Also: How to move disconnected Gemini successful your Gmail, Docs, Photos, and much - it's easy to opt out

"Security is specified an important point for each companies, each customers, each users -- we return this activity incredibly seriously," Google said. "Our teams put heavily, innovate constantly, and pass intelligibly astir nan risks and protections we person successful place. It's important that speech successful this abstraction is meticulous and factual."

How to protect yourself

To protect yourself and your institution from existent phishing campaigns and different attacks, nan usual advice is ever worthy repeating.

1. Make judge you usage a beardown and unafraid password pinch nan correct type of two-factor authentication.
2. Better yet, commencement replacing your passwords pinch passkeys whenever and wherever possible.
3. Scrutinize each email you receive, particularly those asking for relationship accusation aliases different captious data.
4. Beware of telephone calls that look to travel from a morganatic root but petition confidential relationship aliases costs information.