8 comments

[ 4.8 ms ] story [ 32.4 ms ] thread
So many hacks before that had name, address, phone, ss number, had it all and people don't blink an eye.

Until it happens to them.

I get the sense that there was a time when Google would have not have trusted an off-the-shelf solution like Salesforce, and would have built their own in-house thing.
Don't worry I still get advertisements I can't unsubscribe from with one click from silicon valley bros.
> Activate Google’s Advanced Protection Program

I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).

Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.

Can we fix the title? This was a hack of a Salesforce instance used by Google, not Google itself.
This article links to a Forbes article that states it was a leak of a Saleforce instance that contained contact information about small and medium businesses.

This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.