Google Issues Urgent Cybersecurity Alert For 2.5 Billion Gmail Users In India And Beyond

Google has issued an urgent warning to its 2.5 billion Gmail users worldwide, including millions in India, to immediately update their passwords and enable two-step verification (2SV) due to a surge in cyberattacks linked to the notorious hacking group ShinyHunters. The group, active since 2020 and known for high-profile breaches at companies like Microsoft, AT&T, Santander, and Ticketmaster, is escalating its tactics, posing a significant threat to both individual and corporate accounts.

ShinyHunters, named after the Pokémon franchise, primarily uses phishing emails and voice-based scams (vishing) to deceive users into revealing sensitive information, such as login credentials or 2SV codes. The hackers have exploited stolen data from third-party breaches, notably a Salesforce-related incident in June, to craft convincing scams targeting Gmail and Google Cloud users. Google's Threat Intelligence Group (TAG) warns that the group may launch a data leak site (DLS) to intensify extortion efforts, threatening to expose stolen data unless ransoms are paid.

While Google’s systems remain uncompromised, the scale of the threat is significant, with attackers focusing on English-speaking corporate branches, including those in India.

How to stay safe from these cyberattacks?

Last month, Google emailed potentially affected users, urging them to bolster account security. Enabling 2SV, also known as two-factor authentication (2FA), adds a secondary verification step, such as a code sent to a trusted device, making it harder for hackers to gain access even if they obtain a password. The UK’s Action Fraud emphasized, "Secure your email account by enabling 2-step verification (2SV). It can stop criminals from getting into your accounts, even if they have your password."

For Indian users, Google recommends using its Security Checkup tool to review account activity and ensure recovery information is up-to-date. With Gmail often linked to banking, shopping, and social media accounts, a compromised email could lead to broader financial and personal risks. Users are also advised to avoid suspicious emails or calls claiming to be from Google support, as the company never initiates contact for password resets.

Do these three things to protect your Gmail account.

> Update your password.

> Enable 2SV in your Google account’s security settings.

> Stay vigilant against phishing scams.

Published on: Monday, September 01, 2025, 12:52 PM IST