Google confirmed a major cyberattack that affected 2.5 billion Gmail users worldwide. The company reported that hackers targeted accounts between August 8 and August 18 using compromised OAuth tokens to gain access on a global scale.
The breach extended beyond individual Gmail accounts and infiltrated Salesforce databases as well. According to Google’s Threat Intelligence Group (GTIG), the hacker group UNC6395 carried out the attack. The group is notorious for targeting Salesforce users in the past. Hackers exploited compromised tokens from the Salesloft Drift app to execute this breach.
Although Google has fixed the enterprise-level breach, the company urged all Gmail users to take immediate security measures. Users should run a Security Check-up, fix any detected issues, set strong passwords with special characters and numbers, enable two-factor authentication, log out of unfamiliar devices, revoke access to suspicious third-party apps, monitor recent login activity, and avoid opening suspicious links or attachments.
Google emphasised that following these steps significantly reduces the chances of falling victim to future cyberattacks.