Thursday, December 19, 2024

Gmail Takeover Hack Attack—Google Warns You Have Just 7 Days To Act


Although I’m pretty sure that a number of the people who contact me claiming to have been locked out of their Gmail account by a hacker, and who want my help to get back in, are actually trying to hack someone else’s Gmail account, that doesn’t mean everyone who asks for help is a scammer. You only have to look at the online Gmail support forums, both official and unofficial, to realize that people fall victim to hack attacks all the time and suddenly find their online lives turned upside down without access to their email. A common thread among these pleas for help is that an attacker, having compromised the account, has changed the password, phone number and even the passkeys to prevent the genuine account holder from regaining access. I went directly to Google to ask whether there is anything users can do to get their Gmail accounts back under their own control, and, as it turns out, there is a lot more than you might imagine. Here’s what you need to know.


Gmail Hack Attack Leaves Account Locked After Phone Number And Passkey Changed

A typical example of a Gmail user who found themselves locked out of their account after a successful hack attack was posted to the Gmail subreddit on Reddit recently. The user complained that they had been locked out of the account after finding that their “passkeys (fingerprint), passwords and phone number were changed,” laying the blame on malware that was discovered on their device. “The only thing I have attached to the account is my other recovery email that I still have access to, though it doesn’t really help with logging me back in,” the user said. “I don’t have access to backup codes either and I’m pretty much ready to give up at this point knowing that Google doesn’t have live support.” Although Google wasn’t able to help with this specific case, I did ask for broader advice on how a Gmail user should respond in such circumstances in order to regain access to their Google account and their Gmail.

Google Said Users Have 7 Days To Regain Access To A Compromised Gmail Account

I had a conversation with a Google spokesperson, Ross Richendrfer, who deals with Workspace security and privacy matters. First and foremost, Richendrfer wanted me to point out that the tactics being seen from these email hackers are not unique to Gmail by any means; it is a common methodology for an attacker to maintain control of an account once it has been initially compromised. However, Richendrfer did confirm, for context, that Google does see situations where an attacker has compromised an account and then adds a security key or a passkey to prevent the legitimate owner from logging back in. This, Richendrfer said, is usually the result of the Gmail account holder “not using phishing-resistant authentication technologies, such as security keys or passkeys,” to protect their Google account.

“We recommend all users to set up a recovery phone as well as a recovery email on their account,” Richendrfer said. “These can be used in cases where users forget their own passwords, or an attacker changes the credentials after hijacking the account.” Here comes the most important bit: if an attacker changes your recovery phone number, then you, as the original account holder, have up to 7 days to use that original recovery phone number to regain control of your account.

Richendrfer also advised that anyone, whether they use Gmail or any other Google service, can get further help with account recovery by starting here or heading to this Gmail account recovery guidebook by Google for more detailed, step-by-step instructions.
