
Massive Gmail password theft hits 2.5 billion accounts, Google warns; here's how you can secure your account

Google has warned that nearly 2.5 billion Gmail accounts may be exposed in a massive data theft campaign, urging users to reset passwords, review app permissions, and enable two-factor authentication.

August 28, 2025 / 13:31 IST

Google has issued a major security alert warning that nearly 2.5 billion Gmail accounts may have been exposed in a large-scale data theft campaign. The company’s Threat Intelligence Group (GTIG) has linked the breach to a threat actor tracked as UNC6395, who targeted accounts between August 8 and August 18, 2025.

Details of the breach
According to Google’s advisory, attackers gained access to Gmail data by exploiting compromised authentication tokens from third-party integrations. Once inside, the actor systematically pulled large volumes of account data, including usernames, email addresses, login details, and in some cases, stored credentials connected to other cloud services.

The attackers reportedly searched for sensitive information such as Amazon Web Services (AWS) keys, enterprise login URLs, and Snowflake access tokens. Google noted that although the group tried to cover its tracks by deleting query jobs, logs were preserved and can be used by organizations and users to verify exposure.

Impact on users
While Google has not confirmed how many individual users’ data was directly abused, the company said the scale of the breach means Gmail accounts worldwide could be affected. There is no evidence that Gmail’s core systems were compromised. Instead, the breach stemmed from third-party integrations that allowed attackers to exfiltrate data linked to Gmail accounts.

What you should do
Google is urging all Gmail users to immediately:
• Reset passwords and enable two-factor authentication (2FA) if not already active.
• Check recent login activity in Gmail settings to identify suspicious access attempts.
• Revoke app permissions by visiting the Google Account security dashboard and removing unfamiliar third-party apps.
• Rotate credentials linked to Gmail, such as API keys or login details stored in messages.
• Be alert to phishing attempts, as attackers may use the stolen data to craft targeted scams.

Google has already revoked access tokens associated with the malicious campaign and is working with affected partners to investigate further.


MC Tech Desk
first published: Aug 28, 2025 01:28 pm
