In a statement published on Monday, the company made it clear that the panic resulted from misinformation. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue,” Google wrote. “This is entirely false.”

The confusion arose after multiple outlets reported that users had been advised to reset their passwords due to a large-scale compromise.

Many Gmail account holders were surprised, having never received any such notification. The figure of 2.5 billion suggested the warning should have reached everyone, yet it did not.

Behind the rumours lies a smaller incident that occurred in June. Hackers linked to groups such as ShinyHunters and Scattered Spider breached a Salesforce database Google uses to manage advertiser contacts.

The attackers gained entry through social engineering, posing as IT staff before deploying malware.

The data they accessed included business names, contact details, and CRM notes, but no Gmail passwords, emails, or private content. Those affected were notified directly by early August.

While the Salesforce breach did not expose Gmail itself, it triggered a surge in phishing and impersonation attacks. Fraudsters have been exploiting the stolen information to send fake support emails and even make phone calls, a tactic known as “vishing.”

According to Google’s Threat Intelligence Group, phishing and vishing now account for 37% of successful account takeovers across its platforms.

The company stressed that its defences are robust, blocking the vast majority of threats. “While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google explained in its blog post.

Google also used the opportunity to encourage stronger digital habits. It recommends adopting passkeys, biometric-based alternatives to traditional passwords, and staying alert for suspicious emails or calls.

Although last week’s reports led some users to reset their Gmail credentials in fear of a breach, cybersecurity experts point out that regularly updating passwords is still good practice. The bigger lesson is the importance of clarity, panic spread quickly because a blog about phishing trends was mistaken for a global warning about Gmail itself.

Currently, Gmail users are not under the sweeping threat that headlines suggested. The risk is phishing, not a collapsed wall of Google’s email security.

This escalation has stressed the urgent need for large retail operators across the United States to be more careful and cautious, watching out for possible vulnerabilities.

In a direct alert issued on Wednesday, John Hultquist, a senior analyst at Google’s cybersecurity division, stated: “U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”

The warning follows a string of successful cyberattacks on British retailers, including Marks & Spencer, whose online operations have remained paralysed since April 25. These attacks have been traced back to a group linked to the cybercriminal collective known as “Scattered Spider.”

This loosely organised network is made up of hackers of varying skill levels. While the structure may seem scattered, the execution of their campaigns has been anything but. Their strategy is to target one sector, exploit its weaknesses, then move on. Right now, that sector is retail.

Scattered Spider is no newcomer to headline-making breaches. In 2023, they infiltrated U.S. casino giants like MGM Resorts International and Caesars Entertainment, causing significant financial and operational disruption. The shift to retailers suggests a deliberate and calculated evolution in their approach.

We’ve seen this before, hackers pushing through what should be solid security systems, often using creative methods like phishing, social engineering, and credential theft. The Scattered Spider-linked attackers aren’t simply opportunists, but tactically selecting targets and dismantling them with precision.

The issue isn’t just technical. Law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), have been unable to contain the group. Their flexibility, the youth of many members, and the unwillingness of victims to cooperate have all hindered investigations. Neither the FBI nor CISA have provided public updates on the matter.

Retail industry platforms in the U.S. are taking the threat seriously. Christian Beckner, vice president at the National Retail Federation, confirmed that his organisation has been actively monitoring the UK incidents. “We’ve been closely tracking everything going on in the UK over the past few weeks,” he said. “There aren’t geographic boundaries on these threats.”

Meanwhile, the Retail & Hospitality Information Sharing and Analysis Centre (ISAC), which includes members such as Costco, McDonald’s, Lowe’s, and Albertsons, is now coordinating with Google to brief its members and strengthen defences.

Beyond a random cyber attack, we are looking at a sustained campaign targeting a specific sector with high-value data and operational exposure. If this is not resolved, we could be seeing a major escalation in the cybersecurity sector.