
Google has officially confirmed that hackers are gaining access to Gmail accounts, with the main culprit being compromised passwords. In short: if you haven't changed your password this year, do it now.
In August, reports emerged that the Salesforce database linked to Google had been hacked. The result? 2.5 billion Gmail users are theoretically at risk. Additionally, scammers impersonating Google employees are attacking via emails and phone calls, even using artificial intelligence to sound more credible.
Why is a password not enough?
Google reminds us: password + SMS 2FA is no longer sufficient. Attacks are increasingly based on fake login pages that steal data and bypass two-factor authentication. Passkeys are set to be the new standard, and they are what we should use as our default login method. The problem is that most people still rely solely on a password.
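Added example (not from the original article or from Google): why a one-time code still works after being typed into a fake login page, while a passkey sign-in does not. It shows only the relying-party checks on WebAuthn clientDataJSON; verifying the authenticator's signature is left out, and the origins, secret and challenge are constructed values.

```python
import base64, hashlib, hmac, json, struct

RP_ORIGIN = "https://accounts.example.com"          # assumed real sign-in origin (constructed)
LOOKALIKE = "https://accounts.example-login.test"   # constructed lookalike origin

def totp(secret: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 time-based code (HMAC-SHA1, 6 digits), as authenticator apps compute it."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 1_000_000:06d}"

def server_accepts_otp(secret: bytes, submitted: str, now: int) -> bool:
    # The server receives six digits; nothing in them says which page collected them.
    return hmac.compare_digest(totp(secret, now).encode(), submitted.encode())

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def browser_client_data(page_origin: str, challenge: bytes) -> bytes:
    # Stand-in for the browser: it records the origin of the page that requested
    # the passkey; the page itself cannot choose this value.
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": page_origin}).encode()

def server_accepts_client_data(client_data: bytes, challenge: bytes) -> bool:
    # Relying-party checks on clientDataJSON. In real WebAuthn the authenticator's
    # signature covers these bytes, so they cannot be edited in transit.
    try:
        data = json.loads(client_data)
    except ValueError:
        return False
    if not isinstance(data, dict):
        return False
    sent = str(data.get("challenge", "")).encode()
    return (data.get("type") == "webauthn.get"
            and hmac.compare_digest(sent, b64url(challenge).encode())
            and data.get("origin") == RP_ORIGIN)

def compare(secret: bytes, challenge: bytes, now: int) -> dict:
    code = totp(secret, now)  # the digits the user reads off the app
    real = browser_client_data(RP_ORIGIN, challenge)
    fake = browser_client_data(LOOKALIKE, challenge)
    return {
        # Digits entered on a lookalike page are indistinguishable to the server.
        "otp_entered_on_lookalike": server_accepts_otp(secret, code, now),
        "passkey_on_real_origin": server_accepts_client_data(real, challenge),
        "passkey_on_lookalike": server_accepts_client_data(fake, challenge),
    }
```

In a real browser the passkey would not even be offered on the lookalike page, because credentials are scoped to the site they were created for; the server-side origin check is the second layer.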
What to do now?
Change your password – preferably through a password manager (not the one built into your browser).
Stop using SMS for 2FA – switch to an authenticator app.
Add a passkey and only use that.
Don't log in from email links – even if they look like they're from Google.
Regularly check your account activity: Google Settings → Security → Review security activity.
Important
PC World confirms that general data (customer and company names) has leaked from Google, but no passwords. However, that's enough for phishing to rise. Users on Reddit are already describing suspicious calls from "Google employees" and strange messages from the email system.
If you see a request for a password where a passkey should be – run away.
If you receive an email with a login link – ignore it.