Google sounds alarm after massive data breach leaves 2.5B users exposed — what to do ASAP to protect yourself

It sounds like the plot of a sci-fi crime thriller, but the latest major cyberhack is real.

Google revealed that a cybercriminal group known as the ShinyHunters hacked a database of their accounts through the cloud-based software provider Salesforce, exposing the roughly 2.5 billion Gmail and Google Cloud users worldwide to possible breaches.

Must Read

Google’s Threat Intelligence Group (GTIG) said it first discovered a breach in June and, by August, became aware of bad actors using “overlapping tactics, techniques, and procedures” to access networks and accounts. Those tactics include social engineering, such as impersonating IT support reps in phone conversations, primarily targeting English-speaking users at multinational companies.

GTIG said the data obtained was “basic and largely publicly available business information” but warned that ShinyHunters “may be preparing to escalate their extortion tactics by launching a data leak site … likely intended to increase pressure on victims.”

In the past, GTIG tracked the group’s actions for months after branches and found their extortion techniques included “calls or emails to employees of the victim organization demanding payment in bitcoin within 72 hours.” The hacker group takes its name from the Pokémon franchise.

Geekspin noted that ShinyHunters has previously hacked the organizations AT&T Wireless, Mashable, Microsoft, Santander, Ticketmaster and Wattpad. Along with extorting their victims, the group also sells stolen databases on the dark web, adding further risk to anyone’s accounts.

How to protect your Google account now

To keep your Google account as secure as possible, the company advises taking several steps.

Start by updating your password and making it unique to your Google account. As AllThingsSecured.com notes, using the same password across multiple accounts — such as email, banking or social media — means if a hacker gains access to one, they can access them all. The site recommends using a trusted password manager to both create and store strong passwords.

Google also advises enabling two-factor authentication along with a security key or Google Prompt. Both add an extra layer of protection by requiring you to approve a login even if a hacker has your password.

The company recommends updating related Google and Android apps, browsers and operating systems to ensure you have the latest and most secure versions.

Be wary of suspicious messages by email, text, from websites or even phone calls. Google warns that hackers may pretend to be institutions, family members or colleagues to steal sensitive information.

Never click on suspicious links, especially those asking for personal information such as passwords. If you receive a message claiming to be from a bank, for example, search for the institution’s website or phone number independently and contact them directly.

Read more: Rich, young Americans are ditching stocks — here are the alternative assets they’re banking on instead

Signs your account has been hacked, and what to do

Online security data platform Cybersecurity Insiders says sudden changes to your Google password, unauthorized updates to your personal information or spam emails sent from your account could all signal a breach.

Forbes adds that strange financial activity on your Google Pay or Play accounts could also be a warning sign, in which case you should contact your financial institutions immediately. Changes to Google Drive, such as photos or videos being shared without your permission, may also indicate a hack.

If you believe you’ve been hacked, change your password and then conduct a Google Security Checkup to suss out any unwanted or fraudulent activity.

If you do find any suspicious activity, Cybersecurity Insiders suggests contacting anyone who may have been affected, such as contacts who received spam from your account, and closely monitoring your account going forward.

What to read next

Stay in the know. Join 200,000+ readers and get the best of Moneywise sent straight to your inbox every week for free. Subscribe now.

This article provides information only and should not be construed as advice. It is provided without warranty of any kind.