Did Gmail send ‘emergency warning’ to 2.5 billion users? Google says it never happened

Google has debunked claims about sending an ‘emergency warning’ to all Gmail users. The tech giant in a blogpost on Tuesday stated that 'Gmail’s protections are strong and effective' while calling the reports of a major security breach, ‘entirely false’.

“We want to reassure our users that Gmail’s protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.” the company wrote in a blogpost. 

“While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users.” the company added

While the company did not specifically mentioned the reports it was referring to, it is clear that the issue was indeed with multiple reports claiming that a warning had been issued to all 2.5 billion users of Gmail in regards to phishing attack following the recent Salesforce breach. 

Google had itself informed about the Phishing attack in a blogpost in June and later in an update on 8 August noted that it had completed notifying all users affected by the incident. This seems to have been miscontrued in the reports as incident of Google sending warning to all Gmail users. 

“Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.” Google cautioned in its blogpost.

Google also took the opportunity to inform users about the need of stepping away from passwords to alternatives like Passkys for a more secure experience.

Notably, Passkeys are generally considred safer than passwords because they cannot, guessed, stolen or reused across websites. The Passkeys use a system of private and public keys. Only a public key is stored on the servers, while the private key never leaves the device of user which makes it resistant to phishing attacks and data breaches.