Is the report that "Google's database was hacked, putting 2.5 billion Gmail users at risk" true? A thorough explanation of the facts and practical measures

On August 20, some media outlets reported that "Google's database has been hacked, putting 2.5 billion Gmail users at risk." However, the facts currently known indicate that Google's "Gmail core user database" has not been breached. Google explained that their Salesforce environment used for business activities was compromised by the criminal group "ShinyHunters" through social engineering (such as voice phishing), resulting in the theft of mainly publicly available B2B information like company names and contact details. Passwords, Gmail inbox contents, and personal account credentials were not included. The incident is not limited to Google; it is part of a campaign targeting multiple companies' Salesforce environments in the summer of 2025, using methods like phone impersonation and OAuth exploitation. Nonetheless, there is a risk of increased phishing attempts disguised as "Gmail security alerts," and individual users need to be vigilant. This article provides a detailed explanation of the truth behind the reports, the mechanism of the attack, potential secondary damages, and practical defense measures that can be implemented immediately (such as passkeys, two-factor authentication, reviewing forwarding settings, and app passwords). Stay calm, don't be swayed by headlines, and check your accounts and devices.