New Delhi: Google has issued a major security alert, warning that around 2.5 billion Gmail accounts could be exposed in a massive data theft campaign. The company’s Threat Intelligence Group (GTIG) has linked the breach to a threat actor named UNC6395, who targeted accounts between August 8 and August 18, 2025.
Detail of the breech
According to Google’s advisory, the attackers gained access to Gmail data using compromised authentication tokens from a third-party integration. Once inside, the attacker systematically extracted large amounts of account data, including usernames, email addresses, login details, and in some cases, stored credentials associated with other cloud services.
According to the report, the attackers sought sensitive information such as Amazon Web Services (AWS) keys, enterprise login URLs, and Snowflake access tokens. Google reported that although the group attempted to delete the query jobs to cover their tracks, the logs were preserved and can be used by organizations and users to verify the exposure.
Impact on users
While Google has not confirmed how many personal users’ data was directly compromised, the company said the scale of the breach is such that Gmail accounts around the world could be affected. There is no evidence that Gmail’s core systems were compromised. Instead, the breach occurred through a third-party integration that allowed attackers to extract data associated with Gmail accounts.
What you should do
Google urges all Gmail users to do the following immediately:
• Reset password and enable two-factor authentication (2FA) if not already enabled.
• Check recent login activity in Gmail settings to identify suspicious access attempts.
• Revoke app permissions by going to the Google Account Security dashboard and removing unknown third-party apps.
• Change credentials associated with Gmail, such as API keys or login details stored in messages.
• Be aware of phishing attempts, as attackers can use stolen data to create targeted scams.
We have taken all measures to ensure that the information provided in this article and on our social media platform is credible, verified and sourced from other Big media Houses. For any feedback or complaint, reach out to us at businessleaguein@gmail.com
Add businessleague.in as a Preferred Source
