August 20, 2025, 2:19 pm | Read time: 2 minutes

The hacker group “ShinyHunters” has specifically compromised a Google-Salesforce database and is increasingly targeting private Gmail users. They use manipulated messages or pose as Google employees over the phone to obtain sensitive login credentials and security codes. Google confirms that password attacks have recently increased by more than 84 percent—a trend that seems to continue with the current wave of attacks on Gmail, according to “Forbes.”

High Risk from Attacks on Gmail

The attacks on Gmail have been so perfected over time that numerous users have already fallen victim. They report their experiences on Reddit, among other places. Often, the scammers claim over the phone that the Gmail account is in danger and a password reset is necessary.

Read also: Nearly 16 Million PayPal Login Credentials Have Surfaced Online

If criminals succeed in taking over a Google account through these or similar schemes, they gain extensive opportunities. In addition to accessing emails, they also gain access to Google Pay, the password manager, the Play Store, and numerous other services. Through features like “forgot password,” they can also hijack other online accounts of the victims.

These Protective Measures Users Should Take

To guard against the increasing Gmail attacks, users should take several security precautions:

• Enable two-factor authentication for all Google services.
• Use secure and unique passwords.
• Do not store passwords in the browser or Google account; use an independent password manager instead.
• Switch to passkeys if possible.
• Regularly perform the Google security check.
• Activate Google’s advanced security program.
• Be suspicious of unexpected messages or calls and never share passwords or security codes.
• Use up-to-date antivirus software.
• Obtain software only from trusted sources and keep it updated.