Google confirms: the majority of Gmail users must change their passwords

8/26/2025

Gmail under attack: Google confirms hacks and data leaks. Find out why most users must update their passwords immediately.

Google has officially confirmed that hackers are gaining access to Gmail accounts, with the main culprit being compromised passwords. In short: if you haven't changed your password this year, do it now.

In August, reports emerged that the Salesforce database linked to Google had been hacked. The result? 2.5 billion Gmail users are theoretically at risk. Additionally, fraudsters impersonating Google employees are attacking via emails and phone calls, and even using artificial intelligence to sound more credible.

Why is a password not enough?

Google reminds us: a password plus SMS-based 2FA is no longer sufficient. Attacks increasingly rely on fake login pages that steal data and bypass two-factor authentication. Passkeys are meant to be the new standard, and they are what we should use as the default login method. The problem is that most people still rely on just a password.

What to do now?

  1. Change your password – preferably using a password manager (not the one built into the browser).

  2. Stop using SMS for 2FA – switch to an authenticator app.

  3. Add a passkey and only use that.

  4. Don't log in via email links – even if they appear to be from Google.

  5. Regularly check your account activity: Google Settings → Security → Security Activity Review.

Important

PC World confirms that general data (customer and company names) has leaked from Google, but not passwords. However, this is enough for phishing to increase. On Reddit, users are already describing suspicious calls from "Google employees" and strange messages from the mail system.

If you see a request for a password where a passkey should be – run away.

If you receive an email with a login link – ignore it.

Katarzyna Petru

Journalist, reviewer, and columnist for the "ChooseTV" portal