August 29, 2025 – Google has issued a high-priority alert to nearly 2.5 billion Gmail users following a large-scale cyberattack carried out by a sophisticated hacker group between August 8 and August 18, 2025.
According to the Google Threat Intelligence Group (GTIG), the breach involved the use of compromised Open Authorization (OAuth) tokens, which allowed attackers to infiltrate not only Gmail accounts but also Salesforce’s database. The hacker group, identified as UNC6395, is linked to a global data theft campaign targeting Salesforce customers through third-party applications, particularly Salesloft Drift.
Although Google has confirmed that the breach primarily targeted enterprise systems rather than individual Gmail accounts, the tech giant is urging users to strengthen their account security immediately. Affected users are receiving direct email notifications and are advised to take protective steps.
Recommended measures include:
• Running a Google Security Check-up via account settings to identify and resolve vulnerabilities.
• Setting a strong password with special characters for added protection.
• Enabling two-factor authentication to block unauthorized access.
• Reviewing recent login activity and signing out of any unrecognized devices.
• Revoking third-party access for any suspicious apps.
• Avoiding suspicious links or email attachments to prevent phishing attempts.
Google emphasized that while the breach has been mitigated, vigilance is essential. Implementing these safeguards will significantly reduce the risk of future intrusions and keep user data secure.