Google has issued a critical warning to Gmail users, urging them to change their passwords immediately to secure their accounts. The warning follows the confirmation from the tech giant that hackers are exploiting compromised passwords, leading to a significant number of "successful account intrusions".

This warning comes in the wake of a major breach that exposed vulnerabilities, with Google's own Salesforce database being hacked, according to a report by Forbes . As a result, "all 2.5 billion Gmail users are now at risk". Adding to the concern, scammers have been using Google's AI to impersonate support staff, targeting users through fraudulent emails and calls.

Before these recent security breaches, Google had already advised users to bolster their accounts by upgrading their security measures. This includes using more secure forms of two-factor authentication (2FA) - ones that don't rely on SMS - and, most importantly, enabling passkeys as the default sign-in method.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

Despite these recommendations, however, many users still rely on passwords, often with only basic 2FA in place. Unfortunately, this leaves them vulnerable to attacks that lead to fake sign-in pages designed to steal passwords. In some cases, attackers even bypass 2FA, either by tricking users into revealing their codes or by completely bypassing the authentication process.

As highlighted in recent security breaches involving Amazon and PayPal, weak passwords put users at serious risk, especially when the same password is used across multiple accounts. Google has also confirmed that only 36 per cent of users regularly update their passwords, which underscores the need for more proactive password management.

The tech giant advises updating your password immediately if you haven't done so this year. Use a standalone password manager, rather than one built into your browser, to generate and store a secure new password. Additionally, switch your 2FA method to an authenticator app and, if you haven't already, set up a passkey for added security.

Once you've enabled passkeys, be diligent in using them as your primary method of access. If you encounter any sign-in window that asks for a password on a device with a passkey, treat it as a red flag. Furthermore, never sign in through links in emails, even if they appear to come from Google - these could very well be phishing attempts.

By taking these steps now, you can significantly reduce your risk of falling victim to account intrusions and ensure that your Gmail account remains secure.

MENAFN24082025000049011007ID1109968683