Overview

• Reports say up to 2.5 billion users had contact information exposed in the June incident, which Google says involved basic business details from a Salesforce-hosted system.
• Coverage attributes the intrusion to the ShinyHunters group, which allegedly tricked a Google employee to obtain access credentials.
• A wave of phishing and vishing is targeting account holders with impersonation calls and emails, including reports of 650 area‑code caller IDs and schemes to capture password‑reset codes.
• Google acknowledged the breach on August 5 and began notifying affected customers on August 8, according to media reports.
• Security guidance urges users to change passwords, enable non‑SMS multi‑factor authentication or passkeys, run Google’s Security Checkup, and ignore any phone support or paid recovery offers claiming to be from Google.