Gmail users: Change your password now
UPDATE: Sep. 2, 2025, 12:04 p.m. On Sept. 1, Google clarified that Gmail users were not at risk from security intrusions, refuting headlines that stated they had alerted billions to update their passwords immediately.
To users that haven't already locked down your personal accounts in light of massive data breaches: It's never too late.
That's why Google is once again urging its Gmail subscribers to protect their accounts, following a series of data attacks on corporate systems that could eventually threaten users' personal security. Google sent notifications to its 2.5 billion Gmail users in late July and then again on Aug. 8, warning them that hackers were ramping up phishing activity intended to fool users into giving up their log-in credentials.
[Editor's Note: Google has since denied sending out notifications to billions of users and reassured Gmail users that the security breaches were not as widespread as previously reported.]
You May Also Like
Apple AirPods Pro 3 Noise Cancelling Heart Rate Wireless Earbuds — $219.99 (List Price $249.00)
Apple iPad 11" 128GB Wi-Fi Retina Tablet (Blue, 2025 Release) — $274.00 (List Price $349.00)
Amazon Fire HD 10 32GB Tablet (2023 Release, Black) — $69.99 (List Price $139.99)
Sony WH-1000XM5 Wireless Noise Canceling Headphones — $248.00 (List Price $399.99)
Blink Outdoor 4 1080p Security Camera (5-Pack) — $159.99 (List Price $399.99)
Fire TV Stick 4K Streaming Device With Remote (2023 Model) — $24.99 (List Price $49.99)
Shark AV2511AE AI Robot Vacuum With XL Self-Empty Base — $249.99 (List Price $599.00)
Apple Watch Series 11 (GPS, 42mm, S/M Black Sport Band) — $339.00 (List Price $399.00)
WD 6TB My Passport USB 3.0 Portable External Hard Drive — $138.65 (List Price $179.99)
Dell 14 Premium Intel Ultra 7 512GB SSD 16GB RAM 2K Laptop — $999.99 (List Price $1549.99)
Google specifically referred to a group known as "ShinyHunters," which the company says has launched a data leak site (DLS) in an effort to escalate extortion pressure levied at users. Google notes the extortion emails include "shinycorp@tuta. com" and "shinygroup@tuta. com" domains.
In May, cybersecurity researcher Jeremiah Fowler reported that some 184 million passwords were potentially exposed in an open database, with many of the passwords tied to email providers like Google and social media platforms. One month later, Google Threat Intelligence Group (GTIG) reported that one of its corporate Salesforce server clusters (known as instances) was breached and exposed publicly available business information, such as business names and contact details, Google explained. The breach was continued activity from an online threat group known as UNC6040, which uses voice phishing to impersonate IT agents, steal data, and extort money. This week, GTIG issued another advisory to Salesforce clients about a large data breach by hacker group "UNC6395."
To prevent users getting bested by future phishing attempts, Google has encouraged its users to set up two-factor authentication and update their passwords. The company has also warned users never to click on emails with alerts such as "suspicious sign in prevented," which are commonly used by hackers during periods of increased cybersecurity warnings. Instead, users should check security alerts on their own — more on how to do that below.
How to check your Google security activity
- 3 min.
- Google account access
- desktop or mobile app.
Step 1: Log into your Google account.
Go to myaccount.google.com
Step 2: Navigate to "Security".
For desktop users, find this on the left side of the screen next to the padlock icon.
Step 3: Go to "Recent security activity".
Any security alerts in the last 28 days, including new sign-ins, should be visible here. Users can click for more information.
How to change your Gmail password
- 3 min
- Google account access
- desktop or mobile app
Step 1: Log into your Google account.
Step 2: Navigate to "Security."
Step 3: Scroll to the “How you sign in to Google” section.
Step 4: Click "Password".
Users can also see the last time they changed their password.
Step 5: Log in using your current password one more time.
How to set up 2-Step verification for Google
- 5 min
- Google account access
- desktop or mobile app
Step 1: Log in to your Google account.
Step 2: Navigate to "Security."
Step 3: Scroll to “How you sign in to Google”.
Step 4: Click "Turn on 2-Step Verification".
Step 5: Follow the steps on-screen.
In order to enable multi factor authentication, users will need to use an on-device passkey, the Google authenticator app (or other third-party authenticator), link a personal phone number, or set up a backup code.
Topics Cybersecurity Google
Chase joined Mashable's Social Good team in 2020, covering online stories about digital activism, climate justice, accessibility, and media representation. Her work also captures how these conversations manifest in politics, popular culture, and fandom. Sometimes she's very funny.
