It's wild how quickly this rumor spread across major news sources, and yet I was unable to find a primary source at all. I wonder how this started.
greatgib · 1h ago
I was also confused. Thinking that it was a rumor, like the usual dump of credentials found in internet.
But no, Google had a major leak due to a lack of security on their side. And I have a strong suspicion that they released conflicting info over the past week in order to be fuzzy enough to defuse the blame. The "nothing to see there" while at the same time covering their ass by being able to say that they were transparent about it.
There was also an official post in Google blog about that, that conveniently is not easy anymore to find un Google search despite using all the right keywords...
So Google is using Salesforce to manage their Google ad leads and the database of their salesforces instances was breached. And despite the database not holding the passwords or credentials to your account, they have all the details about you, and your interactions with Google if you ever interacted with google ads. Like a few million persons.
And using that, it looks like hackers were able to craft more convincing than real emails looking like coming from Google, to scam people and still their credentials this time.
trod1234 · 1h ago
Rumor-mongering is primarily what the Chinese PLC and other state apparatus on their side does these days; at least much of the public facing after-math, its called irregular warfare or 5GW.
While I'm not familiar with the specific of this particular incident the fact I mention must always be considered.They are quite good at what they do.
For a bit of background checkout the Mandiant ORB Networks talk.
But no, Google had a major leak due to a lack of security on their side. And I have a strong suspicion that they released conflicting info over the past week in order to be fuzzy enough to defuse the blame. The "nothing to see there" while at the same time covering their ass by being able to say that they were transparent about it.
Here is a summary about what happened: https://news.trendmicro.com/2025/08/26/google-data-breach-gm...
There was also an official post in Google blog about that, that conveniently is not easy anymore to find un Google search despite using all the right keywords...
So Google is using Salesforce to manage their Google ad leads and the database of their salesforces instances was breached. And despite the database not holding the passwords or credentials to your account, they have all the details about you, and your interactions with Google if you ever interacted with google ads. Like a few million persons.
And using that, it looks like hackers were able to craft more convincing than real emails looking like coming from Google, to scam people and still their credentials this time.
While I'm not familiar with the specific of this particular incident the fact I mention must always be considered.They are quite good at what they do.
For a bit of background checkout the Mandiant ORB Networks talk.