Google Warns Gmail Users: Change Your Passwords Now Amid Rising Cyber Threats
Google urges Gmail users to change passwords immediately after rising hacks. Enable passkeys, use 2FA apps, and secure accounts against phishing attempts.
Google has warned that most Gmail users must update their passwords and enable passkeys to protect accounts from phishing and hacking attempts.
Google has issued a major security warning for its 2.5 billion Gmail users worldwide, urging most account holders to immediately change their passwords following a surge in hacking attempts.
Gmail Under Threat
According to Google, hackers have successfully gained access to accounts by exploiting weak or reused passwords. Recent reports also reveal that scammers are impersonating Google support staff through emails and calls, sometimes even using AI-driven phishing tactics to trick users.
The warning comes after Google’s Salesforce database was reportedly targeted, raising concerns that Gmail and Google Cloud users could face large-scale phishing attempts.
Why Password Changes Are Critical
Google’s data shows only 36% of users regularly update their passwords, leaving the majority at risk. Even with two-factor authentication (2FA), many attacks are designed to bypass or trick users into sharing their codes.
The company is now strongly recommending:
- Switching to passkeys as the primary login method
- Using an authenticator app instead of SMS-based 2FA
- Avoiding Chrome or browser-based password managers in favor of standalone tools
- Never signing in via links received in emails or messages
Signs of a Security Breach
Users have reported suspicious activity on Reddit, including emails from "Mail Delivery Subsystem" and fake calls claiming to be from Google staff. Security experts warn these are phishing attempts linked to recent data leaks.
How to Protect Your Gmail Account
- Change your Gmail password immediately — use a strong, unique one.
- Enable passkeys and set them as the default login method.
- Update 2FA settings to an authenticator app.
- Ignore suspicious emails or calls claiming to be from Google.
- Regularly review your account’s security activity through Google settings.
Google stresses that while passkeys are the most secure option, regular password updates remain vital until traditional passwords are phased out completely.
