Google denies “2.5 billion Gmail users at risk” claim

Google has pushed back against viral reports that it warned all 2.5 billion Gmail users about a major security issue, calling the claims “entirely false.” In a blog update, the company reiterated that Gmail’s protections remain “strong and effective” and that more than 99.9% of phishing and malware attempts are blocked before reaching inboxes.

What actually happened

• Google did face a June incident tied to its corporate Salesforce environment, not Gmail. Attackers accessed publicly available business contact data via social engineering campaigns tracked as UNC6040/ShinyHunters; passwords and consumer Gmail data were not exposed, and impacted organizations were notified.

• Separate from that incident, Google published guidance about intensifying phishing activity and new protections, which some outlets misinterpreted as a universal breach alert to all Gmail users.

Why the confusion matters

• Headlines suggested Google emailed every Gmail account urging password changes. Many users never received such notices because there was no mass Gmail breach; the Salesforce‑linked exposure affected business contacts, not personal mailboxes.

• Nonetheless, phishing waves are real and ongoing, and Google continues to recommend stronger authentication and vigilance.

Google’s current guidance

• Use passkeys or an authenticator app for two‑step verification, avoid SMS codes where possible, and review account activity regularly. Google maintains that its systems block the vast majority of malicious emails, but users should stay alert to spoofed “security” messages.

FAQs

1. Was Gmail hacked?
   No. Google says there was no mass Gmail breach. A June incident involved a corporate Salesforce database with business contact details; consumer mailboxes and passwords were not exposed.

2. Did Google email 2.5 billion users about a breach?
   No. Google called those reports “entirely false.” Any notifications were targeted to impacted organizations, not a blanket alert to every Gmail user.

3. Why are people talking about phishing spikes?
   Google published guidance about rising phishing threats and announced protections. That advisory seems to have been conflated with breach claims.

4. What should users do now?
   Enable passkeys or an authenticator‑based 2SV, regularly check recent security activity, and be wary of emails claiming “suspicious sign‑in prevented.” Verify alerts directly in the Google Account dashboard.

5. Who are ShinyHunters/UNC6040?
   It is a group using voice‑phishing and malicious Salesforce tooling to exfiltrate business contact data from targeted organizations, not a Gmail platform compromise.

There is no evidence of a mass Gmail breach or a global warning to every user. Keep accounts secured with passkeys/2SV and remain cautious of phishing claims, especially those urging urgent password entry via emailed links.