Overview

• Google says a June intrusion into a Salesforce‑managed database exposed basic business and contact details but not passwords.
• Reporting attributes the breach to ShinyHunters/UNC6040 after a voice‑phishing scheme tricked a Google employee for Salesforce access.
• Users describe vishing from numbers using the 650 area code and phishing emails posing as support to harvest login codes or trigger resets.
• Security researchers also warn of brute‑force login attempts and exploitation of neglected Google Cloud “dangling buckets.”
• Google advises running Security Checkup, enabling multi‑factor or Advanced Protection, and adopting passkeys; it has not disclosed how many accounts were affected as outlets cite risk to roughly 2.5 billion Gmail users.