Global, September 3, 2025 — In response to alarming reports urging 2.5 billion Gmail users to change their passwords immediately, Google has issued a firm denial, calling the claims “entirely false.” The company emphasized that its systems remain robust, noting that phishing and malware attempts continue to be blocked at a 99.9% rate The Times of IndiaThe TelegraphThe Economic Times.
What’s Really Happening?
- Root Cause Not Gmail
The confusion stems from a breach of a third-party Salesforce database containing generic business-related data—not Gmail credentials The TelegraphThe Economic TimesThe Economic Times. - Rise in Phishing & Vishing Attacks
Cybercriminals are exploiting the leaked data to launch sophisticated attacks—impersonating Google support or corporate staff via deceptive emails and AI-fueled phone calls (“vishing”) to trick users into revealing their credentials Inc.comTom’s GuideThe Telegraph.
Google’s Advice to Users
To strengthen account defenses, Google recommends:
- Enable Two-Step Verification (2SV) or switch to passkeys for more resilient authentication Tom’s GuideInc.comThe Economic Times.
- Perform Security Checkups regularly to monitor devices, apps, and account settings Inc.comTom’s Guide.
- Stay alert to unsolicited emails or calls, and verify via official channels before taking any action Tom’s GuideInc.com.
Bottom Line
There is no confirmed breach of Gmail itself, and users aren’t being asked by Google to change passwords en masse. However, the Salesforce-related breach has enabled more convincing phishing attempts. The real threat lies in impersonation and social engineering, not compromised email services.
Taking proactive steps—like activating 2SV, adopting passkeys, and staying vigilant—remains the best defense against current cyberthreats.
