Quote:Over the past couple of weeks, some reports claimed that Google had sent an emergency warning to all Gmail users after a security breach. Google says that these claims are false.

Here's what happened. In early August 2025, the Google Threat Intelligence Group confirmed that Google had been hacked in June this year, by a ransomware threat group called ShinyHunters, aka UNC6040.

After the attack, Google had performed an impact analysis, and prepared mitigations. Its analysis revealed that one of its corporate Salesforce instances (Salesforce Drift) had been breached. This instance had been used to store contact details for small and medium businesses, and the attackers managed to retrieve some of it.

Google said the data the hackers accessed during a small window of time was limited to basic and largely publicly available business information, such as business names and contact details.

The words "largely publicly" do suggest some private data was stolen. Google says that the threat actors also compromised OAuth tokens for the "Drift Email" integration. Perhaps that's the private data that was affected?

Google said it had notified those affected by the breach by August 8. More details about this incident are available on Google's blog. Here's another article by Google that explains more about the attack.

Continue Reading...