CERTVU would like to advise on the following;

In June 2025, threat actors from an entity known as UNC6040 (also functioning as ShinyHunters) achieved a successful infiltration of one of Google’s corporate Salesforce systems. This system contained business contact details and sales notes for small and medium-sized enterprises. Although no Gmail or Google Drive passwords or financial information were disclosed, the breach increased the vulnerability to targeted phishing campaigns utilizing the compromised contact data.

• The compromise did not extend to consumer services, meaning Gmail and other end-user products were directly breached.
• However, data derived from the Salesforce breach is now being weaponized to launch phishing (email-based) attacks aimed at Gmail users.

• Attackers have crafted compelling campaigns, impersonating Google staff or IT support to trick users into resetting passwords and divulging 2FA codes.
• Vishing calls from legitimate phone numbers and area codes – ultimately leading to account takeovers
• There is growing concern that ShinyHunters may escalate tactics by launching a data leak site or engaging in extortion campaigns using the stolen contact data.

CERT Vanuatu advises all Google/Gmail users to safeguard their Gmail accounts against emerging threats and strongly recommends the following precautions:

• Change your Gmail password immediately.
• Enable two-factor authentication (2FA)
• Remain alert to Phishing and vishing attempts