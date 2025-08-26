Google has confirmed that hackers are successfully breaking into Gmail accounts, with compromised passwords behind a significant number of intrusions. The company has now urged users, including millions in Pakistan, to change their passwords immediately to secure their accounts and protect sensitive information such as credit card and other personal details.

This warning comes amid growing concerns after reports that a Salesforce database linked to Google was hacked, affecting all 2.5 billion Gmail users globally. While Google clarified that leaked data did not include passwords, customer and company names were exposed. Experts warn that this breach has already triggered an increase in phishing attempts. Scammers posing as Google support staff have been contacting account holders through emails and phone calls, reportedly using Google’s own AI technology to appear more convincing.

Even before these latest incidents, Google had advised most account holders to strengthen their security. The company stressed that relying on passwords alone, even with SMS-based two-factor authentication (2FA), is no longer enough. Instead, Google urges users to:

Set up a passkey and make it the default login method.

Replace SMS-based 2FA with an authenticator app.

Use a standalone password manager rather than one built into Chrome or other browsers to generate and save strong credentials.

Security researchers warn that many attacks now involve fake sign-in pages designed to steal Gmail passwords. Some also add extra steps to trick users into providing 2FA codes or bypassing them altogether. Google’s own figures show that only 36% of users regularly update their passwords, leaving the majority exposed.

The threat is particularly concerning in Pakistan, where Gmail accounts are often linked with mobile wallets, e-commerce platforms, and banking services. Analysts say that a hacked Gmail account could lead directly to financial fraud and theft.

Global concerns have also been echoed on platforms such as Reddit, where users have reported suspicious “mail delivery subsystem” messages. In one post, a user described receiving repeated failed delivery emails, later suspected to be part of a new phishing tactic. Respondents explained that attackers spoof Gmail addresses, generating delivery failure messages that contain spam links.

Despite Google’s reassurance that passwords were not part of the leaked data, experts emphasize that phishing remains a major risk. PC World reported that “initial reports of attempted attacks have already been seen on Reddit, which are likely related to the data leak.”

Authorities advise that users must remain vigilant. Any unexpected request for Gmail credentials, especially via links in emails or calls from supposed Google representatives, should be treated as suspicious. Instead, Pakistani users concerned about account security are urged to go directly to their Google Account Security page and review recent activity.

Cybersecurity officials warn that ignoring these alerts could expose users to identity theft, phishing attacks, and direct financial loss.