Category: Google

Google

  • 2.5 Billion Gmail users at risk after database leak exposes pertinent account information

    2.5 Billion Gmail users at risk after database leak exposes pertinent account information

    It was recently revealed that Google’s Salesforce database was breached, exposing data for over 2.5 billion users at the time of reporting.

    Initially it was being reported that the leak would primarily effect only their business users as the data found in Salesforce mostly pertains to those accounts. However that was quickly dispelled as Gmail users reported increased attacks against their accounts, with some users reporting they even received a call from alleged Google employees notifying them of the breach of their account.

    We want to make it clear that no password data was leaked in this data breach (at least at the time of writing) instead the data is being used to increase the effectiveness of phishing attacks leveled at Gmail users. One example of the attacks that are occurring includes users being told to initiate an account reset wherein the bad actor intercepts the password and locks the original user out.

    Another attack being initiated is what Google calls “dangling bucket takeover” where the attacker essentially has access to a link connected to the users Google storage and uses it to hijack their account. Google outlines the four ways you can protect against this kind of attack in the page linked.

    While company based accounts might be the most prime targets – and this goes for phishing in general – that doesn’t mean individual users are safe. Spear phishing, a popular variant of phishing that involves researching and gaining access to user accounts outside of their prime target such as an employees close to the company lead, could be a motivator for the current rise in attacks related to this breach. They would then use those accounts to increase the legitimacy of phishing attempts leveled at the primary target (by sending messages as the compromised user).

    It is paramount in 2025 that users practice good safety hygiene when it comes to their online data, especially in an age where the onslaught of data breach news can feel overwhelming and increase a sense of helplessness. Even though data breaches are not rare, users can still protect themselves in the following ways:

    1. Enable Two-Factor Authentication (2FA)
    • Turn on Google 2-Step Verification.
    • Use an authenticator app (Google Authenticator, Authy, or similar) instead of SMS, since text messages can be intercepted.
    • For even stronger protection, consider a hardware security key (e.g., YubiKey).
    1. Use a Strong, Unique Password
    • Avoid reusing passwords across multiple sites.
    • Use a password manager (Bitwarden, 1Password, LastPass, etc.) to generate and store long, random passwords.
    • Change your password immediately if you suspect any compromise.
    1. Regularly Review Account Activity
    • Check Gmail’s “Last account activity” (bottom right of inbox) for unusual logins.
    • Review the Google Account Security page to see devices that have accessed your account.
    • Remove old or unused devices and apps with account access.
    1. Be Proactive Against Phishing
    • Always verify the sender’s address before clicking links.
    • Hover over links to confirm they point to legitimate Google domains.
    • Turn on Gmail’s Enhanced Safe Browsing in account security settings for extra phishing protection.

    Email remains the number one entry point for cyberattacks, from phishing scams to ransomware. At Valley Techlogic, we take a proactive approach to keeping your inbox safe. Our team helps businesses implement advanced spam filtering, real-time threat detection, and encryption to safeguard sensitive communications.

    Beyond just tools, we provide continuous monitoring, security awareness training, and rapid response in the event of a breach. With Valley Techlogic as your partner, you can rest easy knowing your organization’s most critical communication channel is protected. Learn more today with a consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half

    If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half

    Google began requiring 2-factor authentication on some user accounts this past year, and while there’s always some inconvenience involved in making that switch the benefits definitely outweigh it.

    Google enrolled 150 million members in the last three months of 2021 in their 2-factor authentication program, and they’ve found that instances of accounts being hacked dropped by half for those users.

    Google utilizes two-step verification, or 2SV which involves having a login challenge beyond a simple password entry. This may be a message in Google’s own authenticator application or a hardware security key depending on user preference.

    Google said in their blog post on the topic, “This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information, turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.” Indicating Google’s plan to initiate the requirement across the board in the near future.

    The hesitancy with users to utilize such an effective security measure seems to stem from inconsistent implementation as well as a general lack of education on the topic. We thought it would be helpful to present this “cheat sheet” on multi-factor authentication and other cybersecurity acronyms.

    Cybersecurity Acronym Cheat SheetWith breaches being ever more common, having that additional step past just a password before a hacker can access your account can make all the difference. A password you use across multiple website (which is also a bad idea) may be leaked without you even being aware of it, and the prompt from a multi-factor authentication application may even be your first clue that your accounts are being accessed by someone other than yourself.

    Google’s own authenticator is found on the Play Store and the Apple App Store and is a solid option, however we suggest users use whatever they feel most comfortable with or whatever is offered by the the websites they frequent (especially for important sites like banking or for work related web portals).

    To add to your security effectiveness, we suggest using a password manager as well so you can work on having more varied passwords – especially for sites that don’t currently offer multi-factor authentication as an option.

    If you’d like tangible security, hardware security keys are a good option and many of them have widespread support for your online accounts such as email, social media, or even your password manager (adding another layer).

    Your devices also probably come with multi-factor security options built in, we’ve been pleased with the implementation of Windows Hello for Windows devices (even when we’re bleary eyed in the early morning, it always seems to recognize us). Fingerprint scanners for mobile devices have also come a long way and is a pretty convenient (and secure) way to keep access to your phone limited to just you.

    If you’re a business owner in the Central Valley and want to embark on the process of enabling multi-factor authentication within your business, Valley Techlogic can help. Our security experts can help you with enabling multi-factor authentication within your business as well help you meet your cybersecurity compliance goals. Reach out to us today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.