Billions of Gmail users at Risk: Developer shares email that he says ‘exploits vulnerability in Google’s infrastructure’; Google responds

In a highly sophisticated phishing campaign, hackers are said to have successfully exploited Google’s infrastructure to send deceptive emails that appear to come from a legitimate Google address to trick users into handing over their login credentials. The attack, brought to light recently by Nick Johnson, lead developer of the Ethereum Name Service (ENS), involved emails sent from no-reply@google.com that passed DomainKeys Identified Mail (DKIM) authentication — fooling Gmail into treating them as authentic security alerts.

“These emails are valid, signed, and display no warnings in Gmail,” Johnson said on X (formerly Twitter). “They appear in the same thread as real Google security alerts, making them even more convincing.”
