Google is advising its 2.5 billion Gmail users to update their passwords and enable two-factor authentication to protect their accounts from increasingly sophisticated phishing attempts. Follow the easy steps at the end of this article to secure your accounts from crooks.
Mashable reports that in the wake of a series of data attacks on corporate systems that could eventually threaten users’ personal security, tech giant Google is urging its Gmail users to take proactive measures to safeguard their accounts. The company sent notifications to its massive user base in late July and again on August 8, warning that hackers, particularly a group known as “ShinyHunters,” are intensifying phishing activity designed to trick users into surrendering their log-in credentials.
Breitbart News previously reported that Google itself had been hacked by ShinyHunters:
According to Google, one of its corporate Salesforce instances was compromised in June, allowing the attackers to exfiltrate customer data during a brief window before access was cut off. The stolen data was reportedly limited to basic and largely public business information, such as company names and contact details.
Google has classified the threat actors behind these attacks as ‘UNC6040’ or ‘UNC6240.’ However, BleepingComputer, which has been closely monitoring the situation, has confirmed that ShinyHunters is responsible for the breaches. The notorious group has a long history of high-profile attacks, including those targeting PowerSchool, Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and many others.
In a conversation with BleepingComputer, ShinyHunters claimed to have breached numerous Salesforce instances, with attacks still ongoing. The threat actor even hinted at having compromised a trillion-dollar company, though it remains unclear if this refers to Google.
To prevent users from falling victim to future phishing attempts, Google has strongly recommended setting up two-factor authentication and regularly updating passwords. The company has also cautioned users against clicking on emails containing alerts like “suspicious sign in prevented,” as these are frequently used by hackers during times of heightened cybersecurity warnings. Instead, Google advises users to independently check their security alerts by logging into their accounts and navigating to the “Security” section.
Cybersecurity researcher Jeremiah Fowler reported in May that approximately 184 million passwords were potentially exposed in an open database, with many of the compromised passwords linked to email providers like Google and various social media platforms.
To check recent security activity, users should log into their Google account, navigate to the “Security” section located by clicking on the gear icon in the upper right of the screen, and click on “Recent security activity.” Any security alerts from the past 28 days, including new sign-ins, will be visible here.
To change your Gmail password, follow these steps:
Step 1: Log into your Google account.
Step 2: Navigate to “Security” located in the settings menu by clicking on the gear icon in the upper right.
Step 3: Scroll to the “How you sign in to Google” section.
Step 4: Click “Password.”
Users can then follow the prompts to update their password.
Enabling 2-Step Verification is another crucial step in protecting Google accounts. After logging in and navigating to the “Security” section, users can find the “Turn on 2-Step Verification” option under “How you sign in to Google.” Following the on-screen instructions, users can set up multi-factor authentication using an on-device passkey, the Google Authenticator app (or another third-party authenticator), a linked personal phone number, or a backup code.
Read more at Mashable here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
