Google has warned Gmail users that a notorious group of hackers is targeting account holders after gaining access to a massive database.
The attacks stem from a breach of Salesforce’s cloud platform that exposed users of Google services to further intrusions.
With around 2.5 billion people using Gmail and Google Cloud, users have been advised to be on high alert to suspicious activity and to take appropriate security action to better protect themselves.
Google’s Threat Intelligence Group first warned of the attacks in June, revealing that threat actors were targeting people through social engineering attacks that involved impersonating IT support staff.
In August, Google confirmed that there had been a number of “successful intrusions” as a result of compromised passwords.
The data breach exposed information that was “basic and largely publicly available business information”, but it was being used to conduct more serious attacks.
“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” a blog post by Google Threat Intelligence Group noted.
“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”
The method of impersonating IT support personnel via telephone calls has proven “particularly effective in tricking employees”, according to Google, with victims often coming from English-speaking branches of multinational corporations.
Google said it notified all users impacted by the incident via email on 8 August.
ShinyHunters, which appears to take its name from the Pokemon franchise, first formed in 2020 and has been linked to several high-profile data breaches.
Victims have included AT&T Wireless, Microsoft, Santander and Ticketmaster.
Google advises users to regularly update their passwords and to use extra security measures like two-factor authentication.
Data from Google shows that the majority of users have unique or strong passwords, however only a third of them regularly update their passwords.
