Kazakhstanis urged to immediately change their email passwords

Tengrinews.kz – The Committee on Legal Statistics and Special Records under Kazakhstan’s General Prosecutor’s Office has reported a cybersecurity threat involving a data breach of Google’s database. As a result of the leak, attackers gained access to the contact details and company names of Gmail users — potentially affecting up to 2.5 billion accounts — though passwords were not directly stolen.

According to the committee, the ShinyHunters hacking group is behind the attack. They used a social engineering tactic by calling a Google employee, posing as IT support, and tricking them into authorizing a malicious application called Salesforce Data Loader.

“The leak enables attackers to launch phishing and voice scams, pretending to be Google employees. Some users have reported fraudulent calls from numbers with the 650 area code, demanding Gmail password resets in an attempt to steal codes, passwords, or account access,” the statement said.

Gmail account protection tips

The Prosecutor’s Office issued the following recommendations for Kazakhstani users:

• Immediately change your password, especially if it’s simple or reused;
• Enable two-factor authentication (2FA) or use biometric/PIN security methods;
• Do not trust incoming calls or emails claiming to be from Google — 9 out of 10 are scams;
• Limit access and regularly review connected apps and services.

They also warned that even partial public data can be used in large-scale fraud schemes. Users and organizations are strongly advised to regularly review account settings and follow digital security best practices.