Google Confirms Targeted Attack on Gmail Users — Why Passwords Are No Longer Safe

As technology advances, attackers adopt new and more advanced methods to bypass security measures. Many tech giants have faced hacking attacks on and off and have introduced security updates to keep up with the latest technology and stay safe. Google introduces security updates from time to time to keep its users safe, but it seems these measures are not enough. According to recent reports, Google is once again under attack. Google has also confirmed an attack on Gmail users that combines inherent vulnerabilities in the platform with devious social engineering.

Many users have already reported the attack. As a quick response, Google also urgently issued a security warning suggesting that users should stop using their passwords.


The victim of this attack was an Ethereum developer. The attack started with an email from a legitimate Google address warning the user that it had been served with a subpoena for his Google account. According to the user, it was a valid, signed email sent from [email protected]. It also passed the DKIM signature check, and Gmail displayed it without any warnings.

Google immediately responded, stating that “We’re aware of this class of targeted attack and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”


Now, what is the solution? How can you stay safe? The answer is a “passkey”. Google has already warned users to stop using passwords to access their accounts, even if two-factor authentication (2FA) is enabled, and especially if that 2FA is SMS-based.

In contrast, a passkey is linked to your own physical device and requires your device security to unlock your Google account. So, if an attacker does not have your device, they can’t log in. This feature provides enough security to stay safe, until hackers find a way to bypass it. Moreover, you should install reliable antivirus software and a firewall to help detect and block malicious activities. It is also a best practice to stay away from public Wi-Fi networks. Lastly, you should educate yourself regularly about new scams and hacking tactics to stay one step ahead.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
