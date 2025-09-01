Google is quietly urging Gmail users to act now as new threats emerge. If you use Gmail, change your password, enable two step verification, and check your account settings. This guidance follows a fresh wave of phishing attacks linked to a hacker group called ShinyHunters.

The group exploited a third party Salesforce tool to access a few Google Workspace inboxes. The breach didn’t come through Gmail or Google Cloud directly, but the warning applies to everyone. With scams targeting inboxes, Google wants users to act before threats get closer to home.

Why is Google asking everyone to reset? There’s been a rise in phishing, voice based scams, and credential stuffing after attackers touched a corporate Google system. Even if your Gmail account wasn’t involved, you could still be targeted.

Resetting your password helps cut off reused logins. Turning on two step verification adds a second layer of protection. These are basic steps, but they can make a difference.

Quick guide to securing your Gmail account Open your Google Account

Go to the Security tab

Choose Password and enter your current password.

Create a new password and save changes. Then run the Security Checkup to see where your account is signed in, recent activity, and whether your recovery contact info is up to date.

Steps that make your account stronger Enable two step verification using an app or passkey.

Sign out of unknown or unused devices.

Add recovery phone and email.

Consider Google’s Advanced Protection if you work in journalism, tech, or communications.

Use a password manager for strong, unique logins. 6 new Gmail rules you should know about Google is tightening account safety across sign ins, spam control, and inactive accounts. Some updates enforce existing policies more strictly than before.

1. More checks during sign in

Expect extra verification if logging in from a new location or device. These prompts help prevent unauthorised access.

2. A better view of your active sessions

You’ll now see clearer lists of signed in devices and sessions. Review and remove anything unfamiliar.

3. Smarter spam and phishing filters

Gmail is getting better at spotting suspicious emails. Some legit messages may end up in spam, so check before deleting.

4. New rules for bulk email senders

Senders must now authenticate, add visible unsubscribe links, and stay below complaint limits. Non compliant emails may be blocked.

5. Inactive accounts will be deleted

Accounts with no activity for two years will be removed, including Gmail and Google Drive. Log in occasionally to keep backup accounts active.

6. More visible security prompts

Gmail may show banners asking you to check recent activity or recovery info. These are triggered by risk signals, not just reminders.

Google confirmed the attackers used a stolen token, not a Gmail flaw. But the real concern is what follows. Phishing and impersonation attempts are increasing and the fallout could affect millions.

That is why Google is urging users to take action now. These changes focus on preventing future attacks rather than reacting to a single breach.