A recent Gmail hack has left 2.5 billion users at risk. Gmail and Google Cloud user names were exposed, but not passwords. Those with Multi-factor authentication are safe.
The hacking gang ShinyHunters managed to steal vast files packed with company names and customer contact details. It is understood that vishing (AI voice cloning), the latest deep-fake scam, tricked an employee into granting access.
The scam factories are now using vishing to convince you to grant access to your Google account.
If you get a text message or a voice message from Google, don’t trust that it’s from Google. Nine times out of 10, it’s likely not.
AI is processing the hacked data at a fantastic pace.
AI and powerful dark web computers are farming the data and trying brute force attacks using common passwords like “password” and “1234”.
AI is driving robocalls to Gmail users to connect scammers to potential victims.
What to do
Go to your Google Account
- Regardless of anything else, change your Google passwords NOW.
- If you have not done so, enable Multi-factor authentication NOW.
- Use ‘passkeys’ instead of passwords for stronger protection against hacking and phishing attempts.
- Run the Security Checkup and implement its recommendations.
- Check recent security activity to make sure that no one has tried to access your account.
- DO NOT REUSE PASSWORDS, especially if you have used them for Google.
- If you must use Chrome (and we recommend Firefox instead), make sure it is up to date.
If your account has been compromised, see Google’s advice here.
Corporate Users
Enrol in Google’s Advanced Protection Program to use any passkey or any FIDO-compliant security key to physically secure your account and increase protection against harmful apps and phishing.
CyberShack’s view: The Gmail hack was inevitable. Google knew that and was well prepared.
Vishing is really about the enemy within being coerced or compromised to give access to hackers (whether they know it or not).
Google has implemented the strongest authentication via Multi-factor authentication, passkeys and more, but still some 30% have not enabled it.
Google’s new passkey is a passwordless sign-in that replaces traditional passwords using your device’s built-in authentication, such as a fingerprint, face scan, or screen lock (PIN/pattern), to log in securely and easily. Passkeys are built on industry standards, provide strong protection against phishing, and are stored on your device, not on Google’s servers.