More than 2.5 billion Gmail users could be targeted after a double threat that jeopardizes the security of the world’s most popular email service. On one side, a data leak linked to Salesforce exposed information from millions of accounts; on the other, Google has issued a critical alert about a new type of attack based on artificial intelligence: so-called Indirect Prompt Injections.
The Salesforce incident was attributed to group UNC6040, with connections to the known cybercriminal collective ShinyHunters. The attack occurred in June and was detected by Google Threat Intelligence Group in early August.
The technique used was not a sophisticated exploit but vishing, a form of social engineering involving fraudulent phone calls. Attackers impersonated tech support staff and managed to steal credentials from employees of large corporations. With this information, they accessed Salesforce environments containing part of Google’s database.
What data was leaked?
Basic contact information: names, email addresses, and phone numbers.
Primarily publicly available data, excluding passwords or internal credentials.
Although passwords were not compromised, the real risk lies in the widespread use of this information for highly targeted phishing campaigns. With valid emails and real names, attackers can craft fake Google messages that mimic security alerts, increasing the chances of deceiving even experienced users.
A new front: AI-driven attacks that don’t require clicks
Adding to concerns about mass phishing is a critical alert from Google about Indirect Prompt Injections, an emerging technique that exploits the increasing integration of AI in Gmail and other Google services.
How does this attack work?
Attackers embed malicious instructions into the body of an email, a shared document, or even a calendar invitation. When AI systems integrated into Gmail process this content, these instructions can be interpreted as valid commands, leading to sensitive data leaks, unauthorized actions, or opening doors to further intrusions.
The key difference from traditional attacks is that users don’t need to open an attachment or click a suspicious link. Simply having the AI interpret the content can trigger the attack.
Tips for protection
Against data leaks and phishing:
– Never share verification codes or passwords via phone or email.
– Be wary of urgency: attackers often pressure victims to act quickly without thinking.
– Enable two-factor authentication (2FA) on Gmail and other critical accounts.
– Always check URLs carefully before clicking, and be suspicious of emails with grammatical or stylistic errors.
Against Indirect Prompt Injections:
– Keep Gmail and related apps always updated.
– Carefully review emails, calendar invitations, and documents from unknown senders.
– Be cautious with messages requesting unusual actions.
– Implement advanced cybersecurity solutions that include anomaly detection in AI systems.
– Promote cybersecurity training within organizations, explaining this new attack vector.
A crucial lesson: human weakness and the new era of threats
The Gmail case serves as a stark reminder that sophisticated exploits aren’t always necessary to compromise millions. A well-prepared phone call can be enough to open the door.
At the same time, the rise of artificial intelligence introduces a new frontier: attacks that no longer depend on direct user interaction but on how AI systems process information. This forces a rethink of security in a landscape where automatic filters could paradoxically become the weak link.
Digital security in 2025 is no longer just about technology but also about ongoing awareness and prevention.
Frequently Asked Questions (FAQ)
1. Should I change my Gmail password after this leak?
Not necessary, as passwords were not compromised. However, it’s recommended to review recent access in your Google account and enable two-step verification.
2. What are Indirect Prompt Injections?
Attacks that embed hidden instructions in emails or documents. These commands are interpreted by AI systems in Gmail, which could result in malicious actions unnoticed by the user.
3. What’s the biggest risk from the Salesforce leak?
Using the exposed data for highly convincing phishing campaigns that can lead users to voluntarily disclose their login credentials.
4. How can I spot a phishing email pretending to be from Google?
Always check the full email address, avoid clicking suspicious links, distrust messages urging immediate action, and, if unsure, access your account directly through Google’s official website—not via received links.
via: https://www.opensecurity.es/hackers-atacan-millones-de-cuentas-de-gmail-tras-una-grave-filtracion-de-datos/