Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Google Account Hacked? What You Need to Do NOW!

Move quickly.

Google/Gmail account hacks happen. Take these steps to recover your account and prevent it from being hacked again.
Padlocked Google
(Image: askleo.com)

It’s not uncommon for someone somewhere to gain access to someone else’s Google account and use it to send spam or worse. Sometimes the account password is changed; sometimes not. Sometimes traces are left; sometimes not.

Sometimes the entire account is destroyed; you can lose your account permanently.

If you think that has happened to you, here’s what you need to do next.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Google account hacked!

If you suspect your Google account has been hacked:

  1. Recover access to your account.
  2. Change your password.
  3. Check or set your account recovery information.
  4. Let your contacts know.
  5. Learn from the experience.
  6. Get help if you need it.

1. Recover your account

Log in to your Google account right away. If you can, consider yourself very lucky and proceed to step 2.

If you can’t log in even though you know you’re using the correct password, then the hacker has probably changed your password.

Proceed to my article Lost Gmail Account Recovery With No Phone or Alternate Email. Google includes several recovery options provided you set them up beforehand. As long as you did, they may allow you to regain control of your account and reset your password.

Follow those instructions carefully and completely. I regularly hear from people who give up at the first sign of failure even though Google may offer additional options.

If that recovery method doesn’t work, it is no longer your account. Unless you backed it up, everything in it is gone forever, and you can skip the next two items. You’ll need to set up a new account from scratch.

2. Change your password

When you regain access to your account, or if you never lost it, immediately change your password.

As always, make sure it’s a good password: easy to remember, difficult to guess, and long. In fact, the longer the better.

But don’t stop here. Changing your password is not enough.

3. Change (or set) your recovery information

While the hacker has access to your Gmail account, they may elect to leave your password alone. That way, you may not notice the account has been hacked for a while longer.

But whether they changed your password or not, they may go in and change the recovery information.

The reason is simple: when you finally get around to changing your password, the hacker can follow the “I forgot my password” steps, reset the password out from underneath you, and hack your account again using the recovery information they set.

Check the alternate email addresses associated with your account and remove any you don’t recognize or no longer have access to. The hacker could have added his own. Make sure all the email addresses belong to you and that you will continue to be able to access those accounts.

Check any phone numbers associated with the account. The hacker could have set their own. Remove any you don’t recognize, and make sure that if a phone number is provided, it’s yours.

Overlooking information entered for account recovery could allow the hacker to hack back in. And, of course, failing to set any recovery information dramatically lessens the chances of recovering a hacked account. Take the time to carefully review and/or set up this information.

4. Let your contacts know

Some people may disagree with me, but I recommend letting your friends know your account was hacked, particularly if your account was sending spam while out of your control.

I believe it’s important so they know not to pay attention to messages received while the account was in someone else’s control. They can also be on the lookout for phishing attempts by the hacker using information gathered from your account while they had access to it.

5. Learn from the experience

One of the most important lessons to learn from this experience is to consider all the ways your account could have been hacked and take appropriate steps to protect yourself from a repeat occurrence.

If you are fortunate enough to be able to identify exactly how your password was compromised (which isn’t common), absolutely take measures so it never happens again.

Do this

If you’re having difficulty with the process, make sure to follow the recovery process completely. There may be an option to ask Google for help. It’s unclear how responsive they are, and I wouldn’t expect a quick response by any means, but it may serve as a last resort. Or it may not be present.

While you’re at it, find someone who can help you set up a more secure system for your account by following the steps above.

The reality is that you and I are ultimately responsible for our own security. That means taking the time to learn and set things up securely. Yes, additional security can be seen as an inconvenience. In my opinion, dealing with a hacked account is significantly more than inconvenient. It’s worth the trouble to do things right in the first place.

can help you with that. Subscribe to Confident Computing, my weekly newsletter with tips on how to stay safe and never lose your account again. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

10 comments on “Google Account Hacked? What You Need to Do NOW!”

    • You can back up your emails by using an email program like Thunderbird, Outlook.exe, or the Windows Mail App. Unfortunately, contacts can’t be backed up using those programs. You can use the Export Contacts function in Gmail.
      Click om the “waffle” icon towards the upper right of Gmail or any logged in Google window, and click “Contacts”.
      Export Gmail Contacts
      Click the Up arrow to export contacts, choose from Google.csv, Outlook.csv, or vCard. I suggest either Google.csv or Outlook.csv as they can be read by any spreadsheet program. Google.csv is best if you want to reimport them to Gmail.

      Reply
  1. All this can be avoided by performing three simple steps:
    1. Set up recovery information for your email account(s).
    2. Set up 2FA for those accounts. With 2FA enabled, your email account(s) can’t be accessed and your recovery information and password can’t be changed without your second device (for me, it’s my phone where I have the Microsoft Authenticator App installed).
    3. Use a password manager, keep all your passwords in it’s vault, and set up a long master password that you won’t forget (I use several words run together in ‘camelCase’ format (the first word is all lowercase, then each additional word starts with a capitol letter, and I use a numeric character and some special character at the end, like ‘groovBoardLockerDog1#’ (a 20 character password!). This way the Master password is long enough to be very secure, and it’s easy to memorize and remember since it’s the only one you have to know by heart. Note: My real master password is very different :).

    If you do the three things I listed above, you should never lose access to your email account(s) again. Further you should do these three things with all of your Internet accounts with the exception that you can use your password manager to create/generate your Internet account passwords. By using a password manager, you don’t even have to know what your Internet account passwords are because it knows them and takes care of authenticating you when you log into an account. These three things are what I do for any account I set up and I suggest you do the same.

    Ernie (Oldster)

    Reply
  2. My google account hacked today 8 hours ago. I unable to access any google products and I am unable to recover with any of the recovery methods because of hacker removed all my recovery methods. Please help me out from this.

    I am writing another email id because orignal one i unable to access. Please provide me the best solution.

    Thank You.

    Reply
    • (Sorry for the form response, but I get this question A LOT.)

      Please review the account recovery options as outlined in this article: https://askleo.com/access-gmail-without-phone-verification/

      If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Google’s instructions CAREFULLY and COMPLETELY.

      If the recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.

      If you DO recover your account you’ll want to check the steps in this article to prevent losing it again (it discusses Facebook, but the steps apply to Google as well): https://askleo.com/facebook-hacked/

      Reply
  3. My name is Gabriella Grace Comito. Please email me at [removed]@gmail.com for more on the know about it, please. I want you to catch that phisher and call 911 on him or her, I’m more guessing him, tell the cops you found him, hack into the IP address of the hacker to get the home address, and make sure the cops go to his house and find him, arrest him, make me a new password, contact me via [phon # removed] to tell me my new password, and gratefully give my account address back to me!

    Reply
    • Some comments are automatically held for review before publishng.
      Never include personal nformation such as phone numbers, enail adresses or home adresses in a public forum. It exposes yout to spam and possible harassment.

      Reply
  4. First my phone number was hacked, then they said they could see me when I’m in my text or Gmail. Called the cops need to file report . They took money off debit card and another credit card. I closed phone and upgraded to apple and #. Because of that I have no phone with the number I used. I used 2 step verification but before I deleted that number no text or emails would come to me about verification #. I’m assuming everything is working under someone else. I had important info from military, as and va. Guess all is gone?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.