Overview

• Reports say up to 2.5 billion Gmail users had business names and contact information taken from a Salesforce‑hosted Google CRM in June.
• Google acknowledged the incident on August 5 and began notifying affected customers on August 8, stating the leaked data was basic contact information.
• ShinyHunters is reported to have deceived a Google employee to obtain login credentials, enabling access to the CRM instance.
• Criminals are leveraging the stolen contact lists for impersonation and phone scams, with users reporting calls from 650 area code numbers urging password resets.
• Google says many recent account takeovers involve compromised passwords, and experts urge enabling multi‑factor authentication, adding passkeys, using an authenticator app, and running a Google Security Checkup.