Overview

• Google confirmed attackers accessed a corporate Salesforce instance in June that stored basic business contact details for small and medium‑size businesses, not consumer passwords or Gmail, Drive or Calendar data.
• Security teams and users report phishing emails, fake security alerts and phone scams posing as Google support, including calls from 650 numbers seeking password resets or verification codes.
• The company says a significant share of recent account intrusions involve compromised passwords, and it advises immediate password changes, passkeys by default, authenticator‑based 2FA and a Google Security Checkup.
• Google acknowledged the incident on August 5 and emailed notifications to affected contacts on August 8.
• Google Threat Intelligence links the activity to actors using the ShinyHunters brand and warns they may escalate extortion by launching a data leak site.