Gmail users have been sweating over security recently, after Google reportedly sent notifications to its 2.5 billion users warning of a serious security issue. Now Google is denying these reports, reassuring users that Gmail’s security is “strong and effective.” It turns out that all that alarm may have simply been the result of misinformation.
In a blog post, Google officially refuted claims that its popular email service Gmail had recently suffered a massive security breach. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue,” Google wrote. “This is entirely false.”
While Google’s post doesn’t explicitly lay out the claims it refers to, the statement appears to address sweeping security notifications it allegedly sent to Gmail’s 2.5 billion users in late July and early August. These notifications reportedly warned of an increase in phishing attacks, as well as a hack which put all Gmail users at risk. Mashable and multiple other outlets reported on the story last week, warning Gmail users to change their passwords.
Such reports may have left some Gmail users scratching their heads, having not received any such notification from Google. As 2.5 billion encompasses Gmail’s entire active user base, one would expect every user to receive Google’s warning.
It now seems that the security issue at the heart of this tale may not have been the enormous breach that was claimed, and far fewer people were impacted than was first believed.
While Google did experience a security incident in recent months, it concerned the company’s corporate Salesforce server in June (Salesforce offers customer relationship management software). Google stated last month that, upon breaching the server, the hacker was only able to retrieve publicly available business information before they were ejected. Such information included business names and contact details, which isn’t exactly private or sensitive information.
Google further noted that those impacted by the incident were being informed, with everyone having been notified by early August. While the company did not state how many users were affected, it appears to have been a far smaller number than the 2.5 billion initially reported.
Like any good rumour, there is a kernel of truth to this story. In July, Google did publish a blog warning that phishing attacks have been intensifying. However, the post did not reference any specific attack, and merely offered the general information to contextualise new security features it was announcing to protect against such intrusions. Gmail users aren’t in any more danger from hackers than they usually are, and certainly not due to a breach of Google’s Salesforce server.
