Phishing Threats Prompt Call for Wider Adoption of Passkeys

The recent hack of Salesforce should prompt Gmail users to shift from passwords to passkeys, according to a report by Inc. posted by sister publication Fast Company.

    No Gmail credentials were stolen in the hack, but business-related data like contact lists, company associations and email data were stolen, according to the report.

    This kind of data makes phishing and impersonation attacks much more dangerous, because hackers can use it to craft attacks that look authentic and trick people into handing over their login credentials, the report said.

    With those credentials giving them access to the victim’s email, hackers can then access any of the victim’s accounts that reset a password by sending an email, per the report.

    Users can prevent these sorts of attacks from happening by ending their use of passwords and using passkeys instead, according to the report.

    Passkeys can’t be phished because they don’t include passwords that a user could be tricked into sharing, the report said.

    Google’s Threat Intelligence Group said in an Aug. 5 update to a blog post that a hacking group had breached one of its Salesforce data systems used to house contact information and related notes for small and medium-sized businesses.

    “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,” the post said.

    In that case, the company said its intelligence group suspected the hackers could be planning to “escalate their extortion tactics” by initiating a data leak site.

    In one post in an Oct. 27 thread on X addressing false reports of a Gmail security breach, Google recommended the use of passkeys and shared a link to an article about protecting personal information with 2-Step Verification.

    “Users can protect themselves from credential theft by turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are found in large batches like this,” Google said in the post, referring to various credential theft activity occurring across the web.

    PYMNTS reported in May 2024 that several payments and financial services companies have introduced passkeys.