"Entirely false" - Google says there is no major security issue affecting Gmail

News
By published

Google hits back at recent claims of a major security issue with Gmail

A laptop screen on an orange background showing the Gmail logo and an inbox
(Image credit: Future)
  • Google has addressed recent claims of a major vulnerability in Gmail
  • The company denies any such claims, says they are “entirely false”
  • Certain Google Workspace accounts were compromised in recent SalesDrift attacks

Recent reports of a major security issue affecting Gmail are “entirely false”, Google has said.

In a blog post, the company said it wanted to reassure its users that Gmail’s protections are “strong and effective.”

“Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false,” the announcement reads.

Workspace compromise

While Google did not explicitly mention which claims it was addressing, some of its services had been linked to the recent Salesloft Drift attack.

Revenue workflow platform Salesloft recently suffered a cyberattack which saw threat actors break in through a third-party and steal sensitive information.

The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time, alongside its own SalesDrift, a third-party platform which links Drift’s AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem.

Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data.

Google later warned that certain Workspace accounts, as well as Salesforce instances, may have been compromised during the attack, as well. This led to some reports misinterpreting it to be Gmail being compromised, which, as Google now confirmed, is not the case.

“While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google added.

“Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.”

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.