Google has issued alerts to 2.5 billion Gmail users following a hacker group that carried out a global scale breach between August 8-18, by using compromised Open Authorisation (OAuth) tokens.
The attack did not particularly target individual Gmail accounts but also intruded Salesforce’s database, as per Google Threat Intelligence Group (GTIG).
Affected users receive notification through email and are urged to update their passwords and enable.
The hacker group, identified as UNC6395, was associated with a data theft campaign against Salesforce customers via compromised tokens linked to the Salesloft Drift app.
While the enterprise-focused breach has been eliminated, individual Gmail users are urged to take precautionary measures for their account’s safety.
The Alphabet-owned company advised:
- Must conduct a Security Check-up in account settings and fix the issues.
- Set a strong password by adding special characters.
- Turn on two-factor authentication.
- Sign out and review unrecognised devices.
- Cancelling third-party access from suspicious apps.
- Diligently monitor recent login activity in Gmail.
- Avoid opening any suspicious links or attachments.
Following these precautionary measures significantly reduces the chances of becoming prey to future breaches.
