Google Did Not Ask 2.5 Billion Gmail Users to Change Their Passwords

Last week, several media outlets reported that Google was allegedly mass-notifying all 2.5 billion Gmail users to urgently change their passwords and enable two-factor authentication. Google has since clarified that these claims are false and that Gmail has not suffered a security breach.

The Origin of the Claims

The reports suggested Gmail had experienced a serious data breach, citing Google’s recent warnings about an increase in phishing attacks. Some outlets also linked the rumors to recent incidents, including the Salesforce attack and the Salesloft hack, which impacted Google Workspace data. From there, speculation spread that Google was urging all Gmail users to reset their passwords.

Google’s Response

In response, Google published an official statement on its company blog, firmly denying the reports.

“We want to assure our users that Gmail’s protection is reliable and effective. Recently, a number of inaccurate claims have appeared online that erroneously stated we issued a mass warning to all Gmail users about a serious Gmail security issue. This is completely untrue.”

The company also reiterated the effectiveness of its defenses:

“While phishers are always looking for ways to break into mailboxes, our defenses continue to block more than 99.9% of phishing and malware attempts, which ultimately never reach users.”

Setting the Record Straight

Google stressed that security remains a top priority and called for accurate reporting on such issues.

“Security is a very important issue for all companies, customers, and users, which is why we take this work extremely seriously. Our teams invest significant resources, constantly innovate, and communicate clearly about the risks and the protections we use. It is crucial that discussion in this area is credible and fact-based,” the company stated.