Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts.
This claim was covered by numerous news outlets, as well as cybersecurity firms, which published stories about the so-called “urgent warning” asking 2.5 billion Gmail users worldwide to enable two-step authentication and reset their passwords.
However, as the company explained on a Monday blog post addressing these inaccurate stories, “Gmail’s protections are strong and effective, and claims of a major Gmail security warning are false.”
“Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false,” Google added.
The search giant also noted that over 99.9% of phishing and malware attacks are blocked by Gmail’s security defenses, advising users to switch to using passkeys to ensure their accounts aren’t hijacked even if their credentials are stolen.
“Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual,” Google added.
This is just the latest such story, which numerous news websites and cybersecurity companies have reported without verification in recent years.
For instance, earlier this year, “one of the largest data breaches in history” saw widespread media coverage even though it was actually a massive compilation of credentials stolen by infostealers and exposed in data breaches that had been previously leaked online and repackaged into a single database.
In February 2024, another widely reported story about 3 million electric toothbrushes infected with malware to conduct distributed denial-of-service (DDoS) attacks proved to be based on a hypothetical scenario rather than an actual attack.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
