Katarzyna Petru
Google has officially confirmed that hackers are gaining access to Gmail accounts, and the main culprit is compromised passwords. In short: if you haven’t changed your password this year, do it now.
In August, reports emerged that a Salesforce database linked to Google had been hacked. The result? 2.5 billion Gmail users are theoretically at risk. In addition, fraudsters impersonating Google employees are attacking via emails and phone calls, and even using artificial intelligence to sound more credible.
Why is a password not enough?
Google reminds us: password + SMS-based 2FA are no longer sufficient. Attacks are increasingly based on fake login pages that steal data and bypass two-factor security. Passkey is supposed to be the new standard — and this is what we should use as the default login method. The problem is that most people still rely on just a password.
What to do now?
Change your password – preferably using a password manager (not the one built into your browser).
Stop using SMS for 2FA – switch to an authentication app.
Add a passkey and use only that.
Do not log in using email links – even if they look like they're from Google.
Regularly check your account activity: Google Settings → Security → Review Security Activity.
Important
PC World confirms that general data (customer and company names) has leaked from Google, not passwords. But that's enough for phishing to rise. On Reddit, users are already describing suspicious calls from "Google employees" and strange email system notifications.
If you see a request for a password where there should be a passkey – run away.
If you receive an email with a login link – ignore it.
