2.5B Gmail users endangered after Google database hack

https://www.pcworld.com/article/2880822/2-5-billion-gmail-users-endangered-after-google-database-hack.html

42•alhazraed•5mo ago

Comments

roscas•5mo ago

So many hacks before that had name, address, phone, ss number, had it all and people don't blink an eye.

Until it happens to them.

lokar•5mo ago

I remember hearing that Google forced its insurance provider to make up new IDs for employees rather then use SSN, which was common at the time.

phendrenad2•5mo ago

I get the sense that there was a time when Google would have not have trusted an off-the-shelf solution like Salesforce, and would have built their own in-house thing.

exabrial•5mo ago

Don't worry I still get advertisements I can't unsubscribe from with one click from silicon valley bros.

javier2•5mo ago

Now they can train ad bots on your emails too!

wslh•5mo ago

Isn't this huge from Google's security perspective? I don't recall any previous successful attack on its core infrastructure.

A quick search/prompt shows:

- Operation Aurora: <https://en.wikipedia.org/wiki/Operation_Aurora>

- 2010s global surveillance disclosures: <https://en.wikipedia.org/wiki/2010s_global_surveillance_disc...>

decimalenough•5mo ago

The hack was on a Salesforce instance owned and operated by Salesforce but used by Google, not Google core infra.

lern_too_spel•5mo ago

The headline looks incorrect. This looks like a blogspam of a blogspam of the original Salesforce database hack reported a while ago, where Google Cloud customers had their company name and contact information stolen. This information is useful for phishing attacks on those Google Cloud customers. Free Gmail users wouldn't be in that database.

nullc•5mo ago

> Activate Google’s Advanced Protection Program

I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).

Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.

thrill•5mo ago

A phone number is optional if you give a recovery email. Create an iCloud account you don't use for any other reason and don't share it with anyone.

nullc•5mo ago

Nope. Doesn't work. Insists on adding a recovery phone number.

Citizen8396•5mo ago

What if you enroll two security keys?

nh2•5mo ago

Duplicate of event from August 5 ("one of Google’s corporate Salesforce instances was impacted"):

https://news.ycombinator.com/item?id=44812343

https://cloud.google.com/blog/topics/threat-intelligence/voi...

miohtama•5mo ago

Salesforce did not have user data, so the title is bogus

decimalenough•5mo ago

Can we fix the title? This was a hack of a Salesforce instance used by Google, not Google itself.

devrand•5mo ago

This article links to a Forbes article that states it was a leak of a Saleforce instance that contained contact information about small and medium businesses.

This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

NY lawmakers proposed statewide data center moratorium

OpenClaw AI chatbots are running amok – these scientists are listening in

Show HN: AI agent forgets user preferences every session. This fixes it

Introduce the Vouch/Denouncement Contribution Model

Show HN: SSHcode – Always-On Claude Code/OpenCode over Tailscale and Hetzner

Microsoft appointed a quality czar. He has no direct reports and no budget

Multi-agent coordination on Claude Code: 8 production pain points and patterns

Washington Post CEO Will Lewis Steps Down After Stormy Tenure

DevXT – Building the Future with AI That Acts

A Minimal OpenClaw Built with the OpenCode SDK