Sunday, April 19, 2026

Gmail Issues Urgent Alert to 2.5 Billion Users Amid Surge in Cyberattacks — Update Your Account Now

Posted on by Noah Perreault

Gmail Under Attack: Google Urges Users to Strengthen Account Security Now

Google accounts are being hit hard by hackers, and the number of attacks is rising fast. Google says it saw an 84% jump in attacks that try to bypass Gmail’s two-factor authentication (2FA) in 2024. And the situation has gotten even worse in 2025.

Phishing and stolen passwords now cause more than one-third of all successful Google account hacks. In response, Google is fighting back with new security tools — and a strong warning to all Gmail users: update your passwords or, even better, switch to passkeys now.

Gmail Users: Change Your Password or Use a Passkey

Google, which runs Gmail for over 2.5 billion users worldwide, says it’s doing more to protect accounts. But you also need to take action.

“Attackers are stepping up their tricks to steal passwords and break into accounts,” said Andy Wen, a product leader at Google. He added that cookie theft — which steals login info from browsers — is also on the rise.

To help stop these attacks, Google is offering new tools for business users and giving important advice for everyone else:
Switch from using a password to using a passkey.

Passkeys are a newer, safer way to sign in. They’re tied to your phone or computer and can’t be stolen like passwords can. Signing in with a passkey can be as simple as using your fingerprint or a PIN.

Even though Google’s new tools are focused on Google Workspace (business) users, regular Gmail users can still improve security by switching to passkeys.

Why Passkeys Are Safer Than Passwords

Google gives three reasons why passkeys are better:

  1. Harder to steal – Hackers can’t trick you into giving them a passkey like they can with passwords.

  2. Easy to use – You can log in with a fingerprint, face scan, or simple device unlock.

  3. Unique for each site – Unlike passwords, which people often reuse, passkeys are different for every website or app.

Google is also testing new security features, like Device Bound Session Credentials, which help stop hackers even if they get past two-factor authentication. These features are still in beta and mainly for business users, but they show that Google is taking this seriously.

What You Should Do Now

Whether you’re a business user or just use Gmail at home, don’t wait.
Update your Google account security now by switching to passkeys if you can — or at the very least, change your password to something strong and unique.

Related Posts