Google He has warned Gmail users to update their passwords and take additional security measures after a group of hackers accessed a massive database containing the information on account holders.
There are about 2.5 billion Gmail Users and changing passwords regularly is a useful tool for protecting sensitive data. In addition, account holders may use other security methods, such as two -step verification, to confirm their identity, providing an additional layer of security.
Google has advised users who are aware of the suspicious activity and protect themselves, as hackers have used various intrusive methods to deceive the account users to share their passwords and other sensitive data.
In a Start -up of newsGoogle’s threat intelligence group said he issued advice to organizations on a widespread data theft campaign carried out by a hacker followed as UNC6395. From August 8 to August 18, the computer pirate guided the SalesForce customer accounts through Tokens Ooth committed linked to the drift of sale of third -party applications.
How did the hackers access the data?
“The actor systematically exported large volumes of data from numerous corporate sales instances. GTig evaluates the main intention of the threat actor is to collect the credentials. After the data were ex -filurated, the actor sought the data to find secrets that could be used to compromise the victims’ environments,” said the team.
On August 20, 2025, Saleslft and SalesForce revoked all access to drift sheets and removed the application as a precaution due to pending investigation. Salesforce said the incident was not linked to a defect on its main platform.
Google also revealed it to JuneA different group, UNC6040, briefly accessed one of its own SalesForce accounts, which contained contact information for small and medium -sized businesses. The company stated that attackers only obtained limited data, including trade names and contact details that were already available mainly publicly.
Who are the Shinyhunters?
“We believe that threat actors using the” Shinyhunters “brand may be preparing to climb their extortion tactics by throwing a data leak (DLS) site,” said a post on the Google Hamy Intelligence Group blog.
“These new tactics are likely to be intended to increase the pressure on the victims, including those associated with the recent breaches of data related to UNC6040.”
Shinyhunters, named after the Pokémon franchise, has been formed in 2020 and has since been addressed to large companies, including AT&T Wireless, Microsoft, Santander and Ticketmaster, according to The independent.
