The company stressed that the incident was confined to a business-related system. As Google explained, 'This issue did not impact consumer Gmail or Google Cloud customer data, and no passwords were compromised.'
Despite these assurances, cybercriminals have been quick to exploit the situation. Reports indicate a surge in phishing emails and vishing calls, with scammers impersonating Google employees.
Many of these fraudulent calls have come from numbers beginning with the 650 area code, which is tied to Google's California headquarters, giving the impression of authenticity.
Victims have described receiving alarming calls in which they were told their accounts had been hacked and were pressured into resetting their passwords. Once the new credentials were provided, attackers gained full access, locking out the rightful owners.
According to Fox News Technology, security experts have highlighted risks facing Google Cloud customers through what is known as the 'dangling bucket' vulnerability. This occurs when outdated or abandoned cloud storage addresses remain active, creating openings for hackers to inject malware or steal data.
Although no consumer passwords were exposed in the Salesforce breach, experts warn that even partial leaks can give cybercriminals the tools to mount larger, more damaging attacks.
The incident illustrates how quickly attackers can weaponize information that might appear relatively harmless on its own. It also underscores how social engineering tactics convincing people to hand over sensitive details remain one of the most effective ways to compromise digital accounts. With Gmail and Google Cloud serving close to 2.5 billion users, the potential scale of harm is enormous.
Google has urged users to remain vigilant and to strengthen their account protections. In its statement, the company encouraged people to review their account activity through Google's Security Checkup, to use strong and unique passwords, and to adopt two-factor authentication.
It also recommended the use of passkeys, describing them as a 'more secure, phishing-resistant' method of logging in. Importantly, Google reminded users that it does not call customers to request password resets or verification codes, warning that such calls are almost certainly fraudulent.
Rania Umutoni
