Google hits out at ‘entirely false’ claims of a major Gmail security issue
Google has taken the unusual move of addressing claims about a major Gmail security issue – claims the company says are “entirely false”.
Insisting that “Gmail’s protections are strong and effective”, Google does not specify which claims it is referring to or where they stem from. What is clear, though, is that the company has been rattled by whoever has tried to bring into question the security of its email platform.
Google has posted a strongly worded article on the Google Workspace blog. Headed “Gmail's protections are strong and effective, and claims of a major Gmail security warning are false”, the post sees the company in something of a panicked tone. Defending the security of it famous email service, the company says:
We want to reassure our users that Gmail’s protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.
While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users.
Security is such an important item for all companies, all customers, all users — we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.
As best practices for additional protection, we encourage users to use a secure password alternative like Passkeys, and to follow these best practices to spot and report phishing attacks.
The post is somewhat extraordinary, and it is made all the more strange by the fact that Google fails to make it clear exactly what has prompted it to make the statement. If the original story was true, it would mean that Google has issued a warning to “all Gmail users”, then Gmail users would have seen this warning. The post attempting to debunk the security story appears on a blog that is probably read by a tiny fraction of Gmail users. It just feels a bit odd.
A major Gmail security issue?
Forbes points to a news story that went viral after the data breach of Saleforce data.
There is a viral story (1,2,3) suggesting Google has issued an emergency warning to all 2.5 billion Gmail users with accounts at risk following its recent Salesforce breach. The only problem is the story is completely misleading – there is no such warning.
Google has now responded, telling me that “unfortunately, several inaccurate claims surfaced this week incorrectly claiming we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.”
The most likely reason for Google not referring directly to the stories that prompted it to make its security statement is that it did not want to run the risk of promoting false stories – or fake news, if you prefer.
But at the same time, the vast majority of Google customers and Gmail users would be completely unaware of the security stories unless Google had brought them up. And having brought them up in a very vague way, there is the chance that interest will be piqued, sending some people off on a journey of research that could quickly become a descent down a rabbit hole of Google-related conspiracy theories.
Did Google need to say anything? Almost certainly not. Will it do the company any harm? Probably not. If nothing else, it has served as a chance to promote the value of passkeys and to talk about security in general.