Google Data Breach Exposed 2.5 Billion Accounts: How to Secure Your Gmail Account

Google has reportedly alerted 2.5 billion Gmail account holders after a password hacker group was able to carry out a “successful intrusion.” As per the report, the incident occurred between August 8 and 18 in a widespread attack via compromised Open Authorisation (OAuth) tokens. Apart from targeting individual accounts, the threat actors have also targeted Salesforce's database containing information about its customers, the Google Threat Intelligence Group (GTIG) has found. The company has advised Gmail users to update their passwords and secure their accounts.

Update: Google has reached out to Gadgets 360 highlighting reports around the data breach were incorrect. The company stated in a blog post, "We want to reassure our users that Gmail's protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false."

You can read the full story here.

Threat Actor Target Gmail Account Passwords

The Mountain View-based tech giant reportedly alerted impacted Gmail users via email, asking them to update their passwords immediately and increase the security of their accounts by activating two-factor authentication (2FA). Additionally, the company is said to have advised users to remain alert for suspicious activity.

The same hacker group, tracked as UNC6395, was found to be involved in a widespread data theft campaign targeting Salesforce customer data, GTIG said in a blog post. This occurred as a result of compromised OAuth tokens “associated with the Salesloft Drift third-party application.”

As a protective measure, Salesloft has revoked all active access and refresh tokens that came from the Drift application. Salesforce has also removed Drift from its AppExchange until further investigation is conducted.

While the enterprise-focused attack was mitigated via a combined effort by GTIG, Salesforce, and Salesloft, individual Gmail account holders need to take proactive steps to secure their accounts to protect themselves from any potential data breaches. Google suggests a series of steps a user can take to ensure the security of their accounts.

How to Secure Your Gmail Account

1. Run Google's Security check-up by navigating to your Google account, then Settings > Security > Security check-up. Fix any red or amber items.
    
2. Update your password by going to Security > Password > *Set a new password. Google recommends using a unique and strong alphanumeric password which includes capitalisation and special characters.
    
3. Turn on 2FA by navigating to Security > 2-Step Verification, and adding a passkey. You can also opt to use an authenticator app to receive OTPs to verify your identity.
    
4. Review devices and active sessions by visiting Security > Your devices. Sign out of anything you do not recognise or no longer use.
    
5. Revoke third-party access and app passwords by navigating to Security > Third-party access, and removing any apps that you do not need or trust.
    
6. Monitor your recent login activity by opening the Gmail web page, then tapping on *Details located at the bottom right corner.
    
7. Never click on a URL or attached file sent from an email address you do not recognise. Even if it is a familiar account, always verify with the sender via a separate platform.