Google is assuring its Gmail users that its protections are "strong and effective" and that rumours that it has warned billions of email users to update their passwords are "entirely false".

"Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue," the US company posted in a .

If you missed the memo, millions of Gmail users had their contact information . The hacking group ShinyHunters managed to access a Google database by deceiving one of its employees into revealing login credentials for a system hosted on Salesforce's cloud platform. Crooks working at ShinyHunters stole a bucketload of files with company names and contact details.

Since then, reports have claimed that Gmail issued an alert, telling "everyone" to change their password as a result, but this is not the case.

"While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users," stated Google.

But while there's no need to change your Gmail password, Google has advised one change to the security setup on your email account. It added: "As best practices for additional protection, we encourage users to use a secure password alternative like Passkeys."

Google owns Gmail, one of the most popular email clients on the planet, with over 2.5million users

For those who don't know, Passkeys are a password replacement that lets you sign into apps, websites, and other online accounts in the same manner that you unlock your device – using a fingerprint, a facial scan, or an on-screen PIN. Since it's the biometric security feature on the device that's vouching for you, Passkeys can't be stolen or guessed, like a password. Google believes these will eventually replace passwords entirely.

Other companies, like and are both pushing users to consider this option.

If you did happen to be impacted by the hack, your email address and contact details could be in the hands of criminals who are actively using this information to target you. Think of it as thieves having your home address and phone number – they can't get inside yet, but they know exactly where to find you.

The breach triggered an avalanche of scam attempts, with fraudsters impersonating Google staff through phone calls and emails to trick you into surrendering your account access.

Google confirmed the initial incident on August 5 and started to notify affected customers on August 8. They stated the compromised data was "largely publicly available business information."

The breach occurred when ShinyHunters manipulated a Google employee through social engineering, essentially tricking them into sharing their login credentials. It's similar to someone pretending to be your bank on the phone and convincing you to reveal your PIN.

The criminals gained access to business files containing company names and customer contact information stored in Google's Salesforce database. While Google has confirmed that no passwords were stolen during the incident, the information they did obtain is still valuable to scammers.

The is designed to generate and store unguessable passwords, passkeys, credit card numbers, national insurance numbers, and much more. This encrypted vault is available across all of your favourite devices, including iPhone and Android, Windows and Mac computers, iPad and other tablets. Its built-in WatchTower feature evaluates password strength and warns about data breaches that impact you. 1Password is currently with no obligation to subscribe

Your email address and associated details are now part of a massive list being circulated among cybercriminals. They're using this data to craft convincing impersonation attempts, knowing exactly which email addresses are genuine Gmail accounts and potentially linking them to other personal information.

The criminals are now bombarding you with fake calls, particularly from 650 area code numbers, attempting to convince you to reset your Gmail password. If you fall for these schemes, you'll find yourself locked out of your account or discover your private files have been stolen.

Google recognises that security is a main priority for its customers. They said in their statement: "Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place."

Hackers are progressively creating more opportunities to potentially hack into your accounts.

Cybersecurity expert James Knight told, "There's a huge increase in the hacking group trying to gain leverage on this. There's a lot of vishing – people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in."

He emphasised: "If you do get a text message or a voice message from Google, don't trust it's from Google. Nine times out of 10, it's likely not."

Some hackers are taking a more direct approach, attempting to break into accounts by testing common passwords, such as "password," against the stolen email addresses.

Mr. Knight has outlined essential steps you need to take immediately to protect your account. "First thing, ensure multi-factor authentication is set. Second thing, make sure you've got a really strong password that's unique on that account," he advised.

Multi-factor authentication creates an additional security barrier by requiring a code sent to your phone or email before allowing login. It's like having a double lock on your door - even if someone has your key, they can't get in without the second verification.

Multi-factor authentication creates an additional security barrier by requiring a code sent to your phone or email before allowing login.

"Do the Google security checkup. That's a key thing as well, so they can identify the weakest points in their accounts," Mr. Knight added.

Beyond the direct scam attempts, criminals are employing sophisticated tactics like the "dangling bucket" method. This involves infiltrating Google Cloud accounts through forgotten or outdated access points - imagine leaving a spare key under your doormat that you've forgotten about.

If you're unfamiliar with Google Cloud, it's a suite of services from Google that provides computing resources, data storage, machine learning tools, and other infrastructure for developers and businesses to build, run, and scale applications.

Mr. Knight revealed his surprise at Google's vulnerability: "Google puts a lot of money into their security, and they even purchased a security company many years ago, so it's surprising that they left this one open, and the hackers gained access to the Salesforce database environment."

ShinyHunters has built a reputation for targeting major corporations and their cloud-based systems, making this attack part of a broader pattern of high-profile breaches.