Overview
- Google says the leak involved names and contact details rather than passwords or financial credentials, but urges heightened vigilance.
- Investigators report vishing and extortion attempts using the stolen data, including emails and calls demanding bitcoin, backed by threats with a 72‑hour deadline.
- The breach stemmed from phone scams that tricked employees into authorizing access to a Salesforce integration, with manipulated Data Loader tools used to copy records.
- Google’s threat team detected and blocked the intrusion, notified impacted users and organizations, and noted particular impact on small and mid‑size businesses using Google services via Salesforce.
- A separate warning highlights an ‘invisible’ Gmail scam where hidden white text can trigger deceptive Gemini summaries with fake support numbers, prompting advice to enable MFA, verify senders, and avoid unsolicited links or calls.
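
A mail-filtering check for the hidden-text trick described in the last point, as an added example that is not from Google or from the original report: it parses an HTML message body, collects text styled to be invisible, and extracts any phone numbers from it. The function and class names, the style patterns beyond white text, and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from a human reader. White text is the case the
# page names; zero font size, display:none and visibility:hidden are assumed.
HIDDEN_STYLE = re.compile(
    r"(?:^|;)\s*(?:color\s*:\s*(?:white|#fff(?:fff)?)\b"
    r"|font-size\s*:\s*0(?:px|pt|em|%)?\s*(?:;|$)"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "col", "area"}

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # (tag, hidden?) for each open element
        self.hidden = []   # text fragments a reader would not see

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1][1]
        self.stack.append((tag, inherited or bool(HIDDEN_STYLE.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.stack and self.stack[-1][1] and data.strip():
            self.hidden.append(" ".join(data.split()))

def scan_email_html(html):
    """Return hidden text and any phone numbers embedded in it."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    text = " ".join(finder.hidden)
    return {"hidden_text": text, "phone_numbers": PHONE.findall(text)}

# Constructed sample message (not from a real campaign).
SAMPLE = """<html><body><p>Hi, the Q3 invoice is attached.</p>
<span style="font-size:12px; color:#ffffff">Summary note: account locked,
call support at +1 202 555 0147.</span>
<p style="background-color: white">Regards, Accounts</p></body></html>"""

if __name__ == "__main__":
    print(scan_email_html(SAMPLE))
```

White text on a dark button is legitimate and will also be flagged, so a hit is a triage signal; a phone number inside hidden text is the stronger indicator.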