Overview

• Google confirmed on August 5 it investigated a June intrusion into a Salesforce‑hosted database it uses and began mitigations.
• Reports attribute the breach to UNC6040, linked to ShinyHunters, after voice‑phishing a Google employee for credentials.
• Several outlets cite roughly 2.5 billion Gmail records as exposed, while Google has not disclosed totals and says no passwords were taken.
• Users report spoofed calls, texts and emails seeking verification codes, including calls that appear to originate from US 650 area codes.
• Security experts warn of brute‑force attempts and potential “dangling bucket” cloud exposures, urging passkeys or MFA and a Google Security Checkup.