Google has issued a critical security alert to its 2.5 billion Gmail users, warning them about an increase in successful hacking attempts. The company urges users to update their passwords and activate two-step verification (2SV) to secure their accounts.
Hackers Behind the Threat: ShinyHunters
The cybercriminal group ShinyHunters, active since 2020, is linked to several high-profile data breaches, including AT&T, Microsoft, Santander, and Ticketmaster. These hackers often deploy phishing emails to trick users into giving away passwords or 2SV codes.
Although most of the compromised data is publicly available, Google warns that these tactics could escalate into more targeted and dangerous attacks.
Google Notifies Affected Users
On August 8, 2025, Google emailed potentially affected users with guidance to strengthen their account security. Users are strongly encouraged to enable two-step verification (2SV), also known as two-factor authentication (2FA) or multi-factor authentication (MFA).
2SV requires a secondary confirmation, such as a code sent to a trusted device, which prevents unauthorized access even if the password is compromised.
Expert Advice: Strengthen Your Account Security
Security experts recommend enabling 2SV for all major online accounts, including email, banking, and social media. According to Action Fraud, 2SV “can stop criminals from accessing your accounts, even if they have your password.”
The Stop Think Fraud site adds, “Turning on 2SV provides an extra layer of protection and can be activated in just a few minutes. It’s time well spent to keep hackers out.”
Key Takeaway:
Enabling 2-step verification is one of the easiest and most effective ways to protect your Gmail and other online accounts from hackers.
