Google Hack Redux: Should 2.5B Gmail Users PANIC Now?
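Google suspended service connections between Gmail and Salesforce over a security incident involving a Salesforce database, and advised 2.5 billion users to update their passwords and enable two-factor authentication. However, media reports inflated this into a large-scale data breach, causing panic. No direct evidence was found in the incident to support the claims of a mass intrusion. 2025-9-2 16:32:50 Author: securityboulevard.com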

Well? Should they? Let’s ask Ian Betteridge.

Four weeks ago, Google admitted it was hacked by ShinyHunters and/or Scattered Spider—via vishing. Sadly, this sparked a journalistic game of Telephone: Over the space of four weeks, “This Salesforce instance got vished,” quickly became, “2.5 billion Gmail users hacked!!1!”

Sigh. “This is entirely false,” complains Google. In today’s SB Blogwatch, we bait for clicks during dog days.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: isiZulu BH.

Summer’s Lease Hath all too Short a Date

What’s the craic? Theo Burman is fairly measured: Google Issues Worldwide Gmail Data Breach Warning

Google temporarily suspended connections between Gmail and Salesforce
Google has issued a global security alert advising its 2.5 billion Gmail users to update their passwords following a data breach involving one of its Salesforce databases. … The stolen business contact details have been used in a wave of phishing campaigns that mimic legitimate communications from Google:

“On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the ‘Drift Email’ integration. … Google identified the impacted users, revoked the specific OAuth tokens … and disabled the integration.” … This means that Google temporarily suspended connections between Gmail and Salesforce services, to prevent any breaches from potentially spreading further. … Google recommends several steps to mitigate risks for all users. These include updating passwords, enabling non-SMS two-factor authentication, and enrolling in its Advanced Protection Program.


These confused reports inevitably morphed into, “Sky Falling; Film at 11.” [Ask your parents—Ed.] Taylor Herzlich brings us this example: Change your password now

Significant amount of successful intrusions
Google has warned most of its 2.5 billion Gmail users to update their passwords and strengthen their account security as password hackers have carried out a significant amount of “successful intrusions.” It is advising users to be on high alert. … Hackers often access Gmail passwords by sending emails with links to fake sign-in pages, or by tricking users into sharing their two-factor authentication codes.

“Nope, nope, nope,” said Big-G PR: Claims of a major Gmail security warning are false

Crucial that conversation is accurate and factual
Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.

It’s crucial that conversation in this space is accurate and factual. … It’s always the case that phishers are looking for ways to infiltrate inboxes.

Ouch. But spectraldrift thinks it’s a head-scratcher:

It’s wild how quickly this rumor spread across major news sources, and yet I was unable to find a primary source at all. I wonder how this started.

Predictably, many of those “major news sources” are now reporting the Google correction as-is. Which rankles pjcardullias’s ire:

So [those] who falsely reported this without corroboration from Google are now telling us anything and everything except, “We’re sorry for not doing the job we’re paid to do”. Mea culpa works wonders — try it!

What’s the world coming to? mwrisney wishes those writers would please exit the grassed area:

Just more of the newer style of writing from a ton of bloggers and other article writers who sensationalize everything in the headline and stretch out a story to get the most hits and eyes on ads. Not long ago we had professional writers with actual editors who fact checked and made sure a story was to the point.

Sources were actually directly checked instead of just reading a story somewhere and basically reposting something that may or may not be accurate. Just a free for all of wannabes now, only going to get worse.

Wait. Pause. Does Google have an ulterior motive? Why Google Is Really Warning 2.5 Billion Gmail Users:

Google is telling users to change their passwords, but not because of a breach. In fact, Google’s real advice is to stop using your password altogether.

Look, the most important rule here is that you should literally never give anyone your Gmail password. … Seriously, even if your son calls you to help you with tech support, you should not give him your Gmail password, … because your email is basically the key to everything. … Your accounts are only as safe as the weakest link in the chain.

Turn on … stronger forms of authentication, including passkeys and app-based two-factor authentication (2FA). Unlike SMS codes, which can be intercepted or spoofed, authenticator apps and passkeys make it much harder for hackers to break into accounts.

Is that entirely fair? A slightly sarcastic aeonik summarizes snarkily: [You’re fired—Ed.]

Step 1: Update your password.
Step 2: Use non-SMS 2FA.
Step 3: Handcuff yourself to the Google Play Store forever—for your safety, of course.

Meanwhile, FudRucker sees the silver lining:

If anyone breaks into my Gmail, they won’t find anything other than spam. Delete it for me please.

And Finally:

From Limpopo, South Africa

Hat tip: Today



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Mukul Kumar (via Unsplash; leveled and cropped)



Article source: https://securityboulevard.com/2025/09/gmail-hack-telephone-richixbw/?utm_source=rss&utm_medium=rss&utm_campaign=gmail-hack-telephone-richixbw