Particle.news
Download on the App Store
3 ARTICLES
·
last mo.

Google Refutes Reports of Mass Gmail Breach, Cites Limited OAuth Token Abuse

Google says misuse of Salesloft Drift tokens affected only certain Workspace accounts.

Image
Betrüger:innen wollen euren Gmail-Account übernehmen. (Bild: Shutterstock/Ascannio)

Overview

  • The company said in a Workspace blog post that claims of a broad security alert to all Gmail users are false.
  • Google’s Threat Intelligence Group found criminals abused OAuth tokens from the Salesloft Drift Email integration to access some mailboxes tied to that integration.
  • Administrators of affected Google Workspaces were notified, and Google says that notification process concluded on August 8.
  • Zscaler reported that compromised tokens in the same campaign enabled access to its Salesforce instances, exposing some customer contact and support data.
  • Google says its protections block over 99.9% of phishing and malware attempts and recommends using passkeys and following anti‑phishing guidance.