Google warns 2.5 billion Gmail users, including in India, to update passwords and enable 2SV after phishing surge by hacker group ShinyHunters.

MOUNTAIN VIEW: Google has sounded a high-priority security alert for its 2.5 billion Gmail users worldwide, including millions in India, following a rise in cyberattacks linked to the infamous hacker group ShinyHunters. The tech giant is urging users to immediately update their passwords and activate two-step verification (2SV) to protect their accounts.

ShinyHunters, a cybercriminal group active since 2020, has been behind a series of major data breaches at global firms including Microsoft, AT&T, Santander, and Ticketmaster. Known for exploiting phishing emails and voice-based scams (vishing), the group is targeting Google Cloud and Gmail users with sophisticated attacks designed to steal login credentials and bypass security protections.

Google’s Threat Analysis Group (TAG) reports that the hackers have used data stolen in third-party breaches, including a Salesforce-related incident in June, to send convincing phishing messages. These scams threaten not just individuals, but also English-speaking corporate branches, including major offices in India.

Also Read: Elon Musk’s xAI sues ex-staffer for allegedly stealing Grok’s secret tech sauce

While Google’s internal systems remain secure, the growing scale and sophistication of these attacks pose a serious risk. TAG warns that ShinyHunters may launch a data leak site (DLS) to publicly expose stolen data in extortion attempts.

To combat this, Google is asking users to do three things immediately: update passwords, enable 2SV, and avoid phishing emails or scam calls. Google’s Security Checkup tool can help Indian users review account activity and update recovery options.

2SV, or two-factor authentication, provides an extra layer of protection by requiring a second verification step — such as a code sent to a mobile device. This step can significantly reduce the risk of unauthorised access even if passwords are compromised.

The UK’s Action Fraud agency reinforced Google’s message, stating: “Secure your email account by enabling 2-step verification (2SV). It can stop criminals from getting into your accounts, even if they have your password.”

With Gmail accounts often linked to banking, social media, and shopping platforms, the threat of compromise extends beyond email access, potentially endangering users’ financial and personal information.

Do these three things to protect your Gmail account.

> Update your password.

> Enable 2SV in your Google account’s security settings.

> Stay vigilant against phishing scams.

(This article is published under a mutual content partnership arrangement between The Brew News and The Free Press Journal)