Google hits back at 'entirely false' reports of major Gmail security breach
Reports of a massive Gmail hack affecting billions of users have been denied by Google
Google has been forced to deny Gmail has been hit with a massive security breach in the wake of a flurry of media reports.
Over the last few days, reports have appeared in a number of publications, claiming that the company had issued a new security alert to its 2.5 billion Gmail users.
Several reports said that users should update their passwords following a breach of Google's Salesforce systems, which had allowed hackers to access a database containing Google Cloud and Gmail users’ data.
In a blog post on September 1st, the tech giant has since refuted those claims, insisting that previous issues pose no risk to users.
"We want to reassure our users that Gmail’s protections are strong and effective,” the company said. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.”
"While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users."
What’s behind the Gmail hack confusion?
The confusion appears to have originated in an incident reported by Google involving vulnerable Salesloft Drift instances targeted by the UNC6395 threat group.
The company said the hackers had compromised OAuth tokens for Drift Email integration and had used these tokens to access email from a very small number of Google Workspace accounts.
"The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft Drift; the actor would not have been able to access any other accounts on a customer's Workspace domain," the company said.
"In response to these findings and to protect our customers, Google identified the impacted users, revoked the specific OAuth tokens granted to the Drift Email application, and disabled the integration functionality between Google Workspace and Salesloft Drift pending further investigation."
It advised organizations to immediately review all third-party integrations connected to their Drift instance, revoke and rotate credentials for those applications and investigate all connected systems for signs of unauthorized access.
By August 8th, the company said it had taken measures to mitigate risks for users and alerted all those affected - which was nowhere near all Gmail users.
The attackers had only been active for a limited amount of time before access was cut off. The database contained contact information and related notes for small and medium businesses, and most of the exposed data was publicly-available information such as business names and contact details, it said.
The company did, though, email those affected to warn them that they should be on the lookout for social engineering and extortion attacks.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware payments are banned in the public sector: should businesses still pay?
- Enterprises need to patch these Citrix flaws now
- A notorious hacker group is ramping up cloud-based ransomware attacks
-
Brother UK hires new commercial chief amid channel strategy shake-upNews The appointment comes as the vendor looks to strengthen its channel strategy and support continued market expansion.
-
Proton is launching its own ‘private alternative’ to Google Workspace and Microsoft 365News The launch of Proton Workspace comes amid rising tensions over data sovereignty and privacy
-
Google just revised its ‘Q-Day’ timeline: Quantum computers could break existing encryption techniques within three years – and enterprises are nowhere near readyNews Google has warned that “Q-Day”, the point where a quantum computer is powerful enough to crack current encryption techniques, could come as soon as 2029.
-
Google just launched a new Gemini-powered dark web monitoring serviceNews A new AI-powered dark web monitoring service looks to give enterprises more "reasoned answers" and deeper insights
-
Flaw in Chrome’s Gemini Live gave attackers access to user cameras and microphonesNews The in-browser AI assistant loads differently in the side panel, rather than a regular tab, exposing users to risks
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
