Overview
- Google is advising its roughly 2.5 billion Gmail users to change passwords and enable stronger login protections such as two-factor authentication, passkeys, and Advanced Protection.
- Users are reporting a wave of automated security alerts for suspicious sign-ins, indicating widespread targeting of Gmail accounts.
- Attackers are posing as Google support in vishing calls to prompt password resets and obtain the email verification code, which allows them to take over accounts.
- Google stresses that employees do not call to reset passwords or ask for verification codes, urging users to treat such requests as fraudulent.
- Google links the campaign to extortion-focused actors associated with ShinyHunters; related activity also exploits Google Cloud misconfigurations such as dangling buckets.
- Google notes that password-theft attempts rose 84% last year and says only 36% of users regularly change passwords.