
Kazakhstan’s Prosecutor General’s Office reported a Gmail data leak affecting up to 2.5 billion accounts worldwide, including users in Kazakhstan. Investigators said the ShinyHunters hacker group tricked a Google employee by social engineering.
How the breach happened
According to the Prosecutor General’s Office criminal threat forecasting center, the attackers posed as IT support staff and contacted a Google employee by phone. They persuaded the employee to authorize the malicious Salesforce Data Loader application, giving them access to a database containing Gmail user contact information and company names linked to the accounts.
Passwords were not compromised, but the stolen data could be used in large-scale phishing attacks.
Threat to users in Kazakhstan
The leak affected users globally, including those in Kazakhstan. Attackers may use the stolen data for targeted phishing and «vishing» (voice phishing) attempts.
Authorities have already reported cases where scammers posed as Google staff, calling from numbers with a 650 area code — the region code for Google’s California headquarters — and urging victims to reset their Gmail passwords. The goal is to steal two-factor authentication codes, passwords or direct account access.
What should users do
Officials recommend the following steps:
- Change your passwords immediately, especially if they are simple or reused.
- Enable two-factor authentication, or use stronger security such as biometrics or a PIN.
- Be wary of unsolicited calls or emails claiming to be from Google — nine out of 10 are fraudulent.
- Review account settings, restrict access, and monitor connected applications to ensure optimal security.
Authorities warn that even partial exposure of personal data can fuel large-scale scams. Users and organizations are advised to follow strict security practices and regularly review their account settings to minimize the risk of theft or unauthorized access.