Google has issued a critical security warning to its 2.5 billion Gmail users, urging them to update their passwords due to a spike in successful hacking attempts. The company is strongly recommending the activation of two-step verification (2SV) and other protective measures to safeguard accounts.
ShinyHunters linked to high-profile cyberattacks
The hacking group ShinyHunters, reportedly inspired by the Pokémon franchise, has been active since 2020 and is tied to major data breaches at companies like AT&T, Microsoft, Santander, and Ticketmaster, according to SILIVE.com.
These hackers often use phishing emails to deceive users into visiting fake login pages or revealing sensitive details, such as 2SV codes.
Potential data leak risks
Although much of the compromised data in this incident was publicly available, Google cautions that these tactics could escalate into more targeted and severe attacks.
In a June blog post, Google stated, “We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS).”
Google notifies users
On August 8, Google emailed all potentially affected users, advising them to enhance their account security.
Two-step verification (2SV), also known as two-factor authentication (2FA) or multi-factor authentication (MFA), requires a secondary confirmation, such as a code sent to a trusted device, before granting access to an account.
This ensures that even if hackers obtain a password, they cannot log in without the additional verification.
Expert advice on strengthening account security
According to Mirror US, Action Fraud emphasized the importance of 2SV, stating, “Secure your email account by enabling 2-step verification (2SV). It can stop criminals from getting into your accounts, even if they have your password.”
Stop Think Fraud site also issued similar advice. “Turning on 2SV gives your most important accounts an extra level of protection, especially your email. It can be turned on in a matter of minutes – time well spent to keep the fraudsters out.”
“2SV can usually be found in the security settings of your account. Sometimes it’s called 2-factor authentication (2FA) or multi-factor authentication (MFA). 2SV is available for most of the major online services, such as email, banking, and social media.”
