2.5B Gmail users endangered after Google database hack

https://www.pcworld.com/article/2880822/2-5-billion-gmail-users-endangered-after-google-database-hack.html

39•alhazraed•3h ago

Comments

roscas•2h ago

So many hacks before that had name, address, phone, ss number, had it all and people don't blink an eye.

Until it happens to them.

lokar•2h ago

I remember hearing that Google forced its insurance provider to make up new IDs for employees rather then use SSN, which was common at the time.

phendrenad2•2h ago

I get the sense that there was a time when Google would have not have trusted an off-the-shelf solution like Salesforce, and would have built their own in-house thing.

exabrial•2h ago

Don't worry I still get advertisements I can't unsubscribe from with one click from silicon valley bros.

javier2•2h ago

Now they can train ad bots on your emails too!

wslh•2h ago

Isn't this huge from Google's security perspective? I don't recall any previous successful attack on its core infrastructure.

A quick search/prompt shows:

- Operation Aurora: <https://en.wikipedia.org/wiki/Operation_Aurora>

- 2010s global surveillance disclosures: <https://en.wikipedia.org/wiki/2010s_global_surveillance_disc...>

decimalenough•2h ago

The hack was on a Salesforce instance owned and operated by Salesforce but used by Google, not Google core infra.

lern_too_spel•2h ago

The headline looks incorrect. This looks like a blogspam of a blogspam of the original Salesforce database hack reported a while ago, where Google Cloud customers had their company name and contact information stolen. This information is useful for phishing attacks on those Google Cloud customers. Free Gmail users wouldn't be in that database.

nullc•2h ago

> Activate Google’s Advanced Protection Program

I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).

Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.

thrill•2h ago

A phone number is optional if you give a recovery email. Create an iCloud account you don't use for any other reason and don't share it with anyone.

nh2•2h ago

Duplicate of event from August 5 ("one of Google’s corporate Salesforce instances was impacted"):

https://news.ycombinator.com/item?id=44812343

https://cloud.google.com/blog/topics/threat-intelligence/voi...

miohtama•2h ago

Salesforce did not have user data, so the title is bogus

decimalenough•2h ago

Can we fix the title? This was a hack of a Salesforce instance used by Google, not Google itself.

devrand•2h ago

This article links to a Forbes article that states it was a leak of a Saleforce instance that contained contact information about small and medium businesses.

This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.

Show HN: AI Transcription Service for Legal and Court TRM Files

Russia's Most Wanted Hackers [video]

A proof of concept to put a better Emacs UI on top of Gnuplot

AI Companion Conditions

My Playbook for full-stack MVP with Claude Code

Redesigning the Intrinsic Perspective

Dumbphone Finder

My Brainrot Demands Slop: Infinite Jest and GenAI

The Gypsy document editor from Xerox PARC: celebrating 50 years

Java will get Haskell's type classes

Private equity fundraising slides as sector's downturn deepens

Real-world gen AI use cases with technical blueprints

Altruistic Alignment in Governance, Industry, and Individuals

Engineering Earth. Building a prosperous future demands bold ideas [video]

What Tailscale isn't: an anonymity service

Step Right Up (Song)

The Unix-HATERS handbook (1994) [pdf]

How to generate uniformly random points on n-spheres and in n-balls

AI will take a bite out of software valuations

Show HN: Peroxide – P2P Multiplayer Pong on GitHub Pages (WebRTC and Rust/WASM)

The Platform for Building Agents

Are we creating intelligence, or discovering it?

The Cowboy of Generic Drugs

Gamers Nexus: Our Channel Could Be Deleted [video]

I'm Fighting for My Freedom Using Outdated Technology

HTTP/3

Warming the atmosphere: Clear waters emit more methane than turbid waters

The Unusual Nonprofit That Helps ICE Spy on Wire Transfers

Prompt engineering is collapsing – GPT-5 just proved it

Determining optimal protein intake from data, not dogmatism