Attention Gmail Users: Update Your Password Immediately
To users who haven’t yet secured your personal accounts in light of recent data breaches: it’s never too late to take action. Google is gently reminding its Gmail subscribers to safeguard their accounts in response to a series of data incidents that may affect personal security. Recently, Google sent notifications to its 2.5 billion Gmail users, encouraging them to be vigilant against rising phishing attempts aimed at misleading users into compromising their login credentials.
Google has highlighted a group known as “ShinyHunters,” which has created a data leak site to intensify pressures on users. The company noted that the extortion emails are associated with domains such as “shinycorp@tuta.com” and “shinygroup@tuta.com.”
In May, cybersecurity researcher Jeremiah Fowler reported that around 184 million passwords were potentially exposed in an open database, with many links to email services like Google and popular social media platforms. A month later, Google’s Threat Intelligence Group emphasized a breach of one of its corporate Salesforce server instances, which revealed publicly accessible business information like names and contact details. This breach was part of ongoing activities from the online threat group “UNC6040,” which uses tactics like voice phishing to impersonate IT agents, steal data, and extort money. Recently, another advisory was issued regarding a significant data breach from hacker group “UNC6395.”
To help users combat phishing attempts, Google encourages everyone to implement two-factor authentication and regularly update their passwords. They also advise against clicking on emails with alerts such as “suspicious sign in prevented,” which are commonly misused by hackers. Instead, it’s wise to check security alerts directly for peace of mind. Here’s how you can check your Google security activity:
What You Need
- Google account access
- Desktop or mobile app
Step 1:
Log into your Google account.
Step 2:
Navigate to myaccount.google.com.
Step 3:
Go to “Security.”
For desktop users, find this on the left side of the screen next to the padlock icon.
Step 4:
Go to “Recent security activity.” Any security alerts in the last 28 days, including new sign-ins, should be visible here. You can click for more information.
How to change your Gmail password
What You Need
- Google account access
- Desktop or mobile app
Step 1:
Log into your Google account.
Step 2:
Navigate to “Security.”
Step 3:
Scroll to the “How you sign in to Google” section.
Step 4:
Click “Password.”
You can also see the last time you changed your password.
Step 5:
Log in using your current password one more time.
How to set up 2-Step verification for Google
What You Need
- Google account access
- Desktop or mobile app
Step 1:
Log into your Google account.
Step 2:
Navigate to “Security.”
Step 3:
Scroll to “How you sign in to Google.”
Step 4:
Click “Turn on 2-Step Verification.”
Step 5:
Follow the on-screen steps. To enable multi-factor authentication, users will need to utilize an on-device passkey, the Google authenticator app (or another trusted authenticator), link a personal phone number, or set up a backup code.
Topics
- Cybersecurity
