"Entirely false" - Google says there is no major security issue affecting Gmail

5 hours ago 9

(Image credit: Future)

Google has addressed recent claims of a major vulnerability in Gmail
The company denies any such claims, says they are “entirely false”
Certain Google Workspace accounts were compromised in recent SalesDrift attacks

Recent reports of a major security issue affecting Gmail are “entirely false”, Google has said.

In a blog post, the company said it wanted to reassure its users that Gmail’s protections are “strong and effective.”

“Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false,” the announcement reads.

Workspace compromise

While Google did not explicitly mention which claims it was addressing, some of its services had been linked to the recent Salesloft Drift attack.

Revenue workflow platform Salesloft recently suffered a cyberattack which saw threat actors break in through a third-party and steal sensitive information.

The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time, alongside its own SalesDrift, a third-party platform which links Drift’s AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem.

Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Google later warned that certain Workspace accounts, as well as Salesforce instances, may have been compromised during the attack, as well. This led to some reports misinterpreting it to be Gmail being compromised, which, as Google now confirmed, is not the case.

“While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google added.

“Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.”

Google warns Salesloft Drift attack may have compromised Workspace accounts and Salesforce instances
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article