2.5b Gmail Users Endangered After Google Database Hack

Posted5 months agoActive5 months ago

alhazraed

42 points

16 comments

pcworld.comTechstory

skepticalnegative

Debate

70/100

GoogleData BreachCybersecuritySalesforce

Key topics

Google

Data Breach

Cybersecurity

Salesforce

A Salesforce instance used by Google was hacked, potentially exposing contact information, but the actual risk to Gmail users is disputed among commenters.

Snapshot generated from the HN discussion

Discussion Activity

Active discussion

First comment

28m

Peak period

0-1h

Avg / period

5.3

Comment distribution16 data points

Loading chart...

Based on 16 loaded comments

Key moments

01Story posted
Aug 24, 2025 at 6:22 PM EDT
5 months ago
Step 01
02First comment
Aug 24, 2025 at 6:50 PM EDT
28m after posting
Step 02
03Peak activity
14 comments in 0-1h
Hottest window of the conversation
Step 03
04Latest activity
Aug 25, 2025 at 10:22 AM EDT
5 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (16 comments)

Showing 16 comments

roscas

5 months ago

1 reply

So many hacks before that had name, address, phone, ss number, had it all and people don't blink an eye.

Until it happens to them.

lokar

5 months ago

I remember hearing that Google forced its insurance provider to make up new IDs for employees rather then use SSN, which was common at the time.

exabrial

5 months ago

1 reply

Don't worry I still get advertisements I can't unsubscribe from with one click from silicon valley bros.

javier2

5 months ago

Now they can train ad bots on your emails too!

wslh

5 months ago

2 replies

Isn't this huge from Google's security perspective? I don't recall any previous successful attack on its core infrastructure.

A quick search/prompt shows:

- Operation Aurora: <https://en.wikipedia.org/wiki/Operation_Aurora>

- 2010s global surveillance disclosures: <https://en.wikipedia.org/wiki/2010s_global_surveillance_disc...>

decimalenough

5 months ago

The hack was on a Salesforce instance owned and operated by Salesforce but used by Google, not Google core infra.

lern_too_spel

5 months ago

The headline looks incorrect. This looks like a blogspam of a blogspam of the original Salesforce database hack reported a while ago, where Google Cloud customers had their company name and contact information stolen. This information is useful for phishing attacks on those Google Cloud customers. Free Gmail users wouldn't be in that database.

nullc

5 months ago

1 reply

> Activate Google’s Advanced Protection Program

I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).

Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.

thrill

5 months ago

1 reply

A phone number is optional if you give a recovery email. Create an iCloud account you don't use for any other reason and don't share it with anyone.

nullc

5 months ago

1 reply

Nope. Doesn't work. Insists on adding a recovery phone number.

Citizen8396

5 months ago

What if you enroll two security keys?

nh2

5 months ago

1 reply

Duplicate of event from August 5 ("one of Google’s corporate Salesforce instances was impacted"):

https://news.ycombinator.com/item?id=44812343

https://cloud.google.com/blog/topics/threat-intelligence/voi...

miohtama

5 months ago

Salesforce did not have user data, so the title is bogus

phendrenad2

5 months ago

I get the sense that there was a time when Google would have not have trusted an off-the-shelf solution like Salesforce, and would have built their own in-house thing.

devrand

5 months ago

This article links to a Forbes article that states it was a leak of a Saleforce instance that contained contact information about small and medium businesses.

This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.

decimalenough

5 months ago

Can we fix the title? This was a hack of a Salesforce instance used by Google, not Google itself.

View full discussion on Hacker News

ID: 45008323Type: storyLast synced: 11/20/2025, 5:45:28 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN