When Google picked up the phone, 2.5 billion accounts suffered

A massive Gmail data breach occurred at Google, after hackers posing as IT support tricked an employee, leaving billions of accounts exposed to phishing scams, Kazinform News Agency reports.

According to the Prosecutor General’s Office of the Republic of Kazakhstan, the international hacker group ShinyHunters gained access to contact details and company names, affecting up to 2.5 billion Gmail accounts. However, user passwords were not stolen.

The authority specified that the attack was carried out through social engineering: criminals called a Google employee, posing as IT support, and persuaded him to authorize a malicious application — Salesforce Data Loader. As a result, the hackers managed to download part of Google’s corporate database.

According to the Google Threat Intelligence Group, such incidents are categorized as vishing (voice phishing) schemes. Criminals use phone calls and social engineering, and in some cases rely on generative AI and voice cloning, which makes such attacks harder to detect. Later, hackers can exploit the stolen information for mass phishing emails and phone calls, impersonating Google employees.

Some users have already reported fraudulent calls allegedly coming from numbers with the 650 area code, in which attackers demanded Gmail password resets.

In this regard, the Prosecutor General’s Office reminded users of the necessary cybersecurity measures:

1. Immediately change simple or repeated passwords.

2. Enable two-factor authentication or use modern protection methods such as biometrics or PIN codes.

3. Do not trust calls or emails allegedly from Google — according to estimates, 9 out of 10 such messages are fraudulent.

4. Limit access and monitor connected applications.

“This incident confirms that even partially public data can become the basis for large-scale fraudulent schemes. We urge users and organizations to strictly follow security measures and regularly review their account settings,” the Prosecutor General’s Office stressed.

Earlier, it was reported that the European Commission fined Google €2.95 billion for abusing its dominant position in the advertising technology market.
