Google Denies Reports That It Sent Security Notices to 2.5 Billion Gmail Users

Google is rebutting recent reports that the company warned more than 2.5 billion Gmail or Google account holders that their accounts were breached.

In a message to The Epoch Times on Sept. 2, a Google spokesman pointed to a statement issued by the tech giant a day earlier that “claims of a major Gmail security warning are false.”

“We want to reassure our users that Gmail’s protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false,” the company said on Sept. 1, without making mention of where the claims had emerged.

“While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9 percent of phishing and malware attempts from reaching users.

“Security is such an important item for all companies, all customers, all users—we take this work incredibly seriously.”

Google also said that it is “crucial that conversation in this space is accurate and factual,” adding that the company is encouraging Gmail and other Google account users to “use a secure password alternative like Passkeys, and to follow these best practices to spot and report phishing attacks.”

Several news articles, including one published by the India-based Economic Times, another by Newsweek, and one by tech website Mashable, had said the company allegedly advised 2.5 billion Gmail users to update their passwords.

Newsweek cited a post from Google issued on Aug. 5 that an attacker group, ShinyHunters, sent malware to extract the contents of a Google database. The Economic Times article also said that Google issued a “stern warning” to its users about hackers gaining access to a massive database.

An Epoch Times review of the Google Aug. 5 notice shows that the company did not issue any advisory for Gmail users to change their passwords and that it had notified users who may have been impacted by a voice phishing attack.

Google originally reported on June 4 that the ShinyHunters had briefly breached the firm’s corporate Salesforce server. According to Google, an attacker was able to obtain only publicly available business information before the issue was fixed.

Several Epoch Times reporters who have Gmail accounts have said that Google had not sent any advisories of a breach to their accounts as of Tuesday.

The Google update comes days after about a dozen defense and intelligence agencies from the United States and other countries released a joint advisory saying that Chinese state-sponsored hackers may attack U.S. infrastructure.

Calling on American companies to shore up their defenses, the bulletin said attackers have compromised networks worldwide to support a Chinese state-sponsored espionage system.

“Beijing’s indiscriminate targeting of private communications demands our stronger collaboration with our partners to identify and counter this activity at the earliest stages,” Brett Leatherman, chief of the FBI’s Cyber Division, said in a statement this past week.