Correction: No, Google Did Not Issue A Broad Gmail Security Warning Of Phishing Attacks
Google reached out to HotHardware to make our team aware that reports of a Gmail security threat were false, though several reputable news outlets were reporting otherwise. It is difficult to determine where these inaccurate reports stemmed from. Perhaps it was a previously published Google threat blog post last month that confirmed widespread data theft targets of Salesforce instances were a growing concern, which does appear to be the origin of these reports. Google did provide the following official statement on the matter regarding Gmail specifically, which turned out to be completely false:
Gmail's protections are strong and effective, and claims of a major Gmail security warning are false.
We want to reassure our users that Gmail’s protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.
While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users.
Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.
As best practices for additional protection, we encourage users to use a secure password alternative like Passkeys, and to follow these best practices to spot and report phishing attacks.
Previous coverage, which has since proven to be inaccurate, is listed here below in its entirety...
Amidst concerns over the threat posed by black hat hackers, Google is urging billions of Gmail users to be on high alert. The company recently advised users to change their passwords and implement two-factor authentication to protect themselves.
This warning follows a recent revelation that hackers may be actively exploiting a compromised Google database containing customers' sales information. Earlier this month, Google revealed that malicious actors used social engineering tactics to manipulate a Google employee into granting permission to a malicious application, which impacted one of its databases hosted on the Salesforce platform. The hackers were then able to steal business-related information such as contact details, company name and internal notes.
The report claims that the exfiltrated information was publicly available and that customers' Gmail or cloud accounts were unaffected. Nonetheless, the risk posed by the breach cannot be dismissed. The stolen information could make it easier for bad actors to attack Google account owners.
Google has warned users to update their passwords and implement other security measures ASAP. To update your Google Account password, go to your Google Account home page > Security > Password and then follow the onscreen instructions to complete the process.
In addition, turn on 2 Step verification. To do this, open your Google Account > Security > 2-Step Verification and follow the onscreen instructions to complete the process.
