My Google account was hacked, Google says they can't help
My Google account was hacked, I was messaged by someone on Facebook and they demanded I give them money or they would post my private photos. They started posting my pictures and even sent them to my family and friends, dad included! They then changed all my passwords, restore email, phone number etc. to their own email and number, so I can't do anything. They wiped my phone and my son's tablet completely, all my banking is gone, everything is gone. I'm now stuck in a foreign country away from my baby with no way to get money or access my email for my travel documents. I'm really scared and don't know what to do. Google says they can't do anything to help me! They can't kick him off or disable my account, I just have to be harassed and blackmailed, and goodness knows what else. I'm a single mum and I'm in a different country to my baby, please can someone help me? I just want to get back.
Does anyone know how I can recover and secure my Google account? I've tried everything that I can find/Google have told me to do.
I've had requests like this from family members supposedly "stuck overseas" etc. These types of requests are often scams.
My boss recently emailed me (from a weird email) saying the landlord's payment hadn't gone through and we needed to wire them the money pronto and they were stuck traveling and couldn't do it. This was a scam.
In my neighborhood folks rent out houses for great deals, the landlord is temporarily traveling and can't meet. A fair number of these turn out to be scams.
I just mention this because if some low level support agent providing support to FREE accounts was able to reset an account based on this narrative - and no phone access - that would be HUGE security HOLE.
If google starts allowing recovery of passwords by folks overseas who are "stuck overseas" with no documents - game over. We are focusing on the folks getting locked out, but google is doing a fair bit to keep folks from getting taken over.
I have a 2FA key (hardware) they ask me for once a month. I'm not sure how someone takes over my account unless they get access to my computer with remote access and then maybe re-uses a session somehow? Even then I have to re-auth when doing security steps... so it's a bit weird to have an account takeover like this.
My request. For a fee of $1,000, an in-person visit, fingerprints, and research effort, communication with existing account holder for any disputes (i.e., someone sold them the account) Google would allow for an account recovery. This last step is what is missing. Charge $2,500 even. In some cases that would be worth it and allow them to make a pretty good job on recovery. Even wipe the account / lock all old messages so they are unreadable on recovery.
I suggested OP post here since we spent over an hour trying to recover the account and I can't figure out any way to help recover it either. Google appears to be a stone wall, the hacker's account is obviously using a disposable email (looks like a phishing email account with typos and word accoount in it).
Google doesn't seem helpful in these situations, hoping someone here can help her and has solved this issue before.
Definitely talk to the nearest embassy for your home country ASAP. They won't be able to help with your Google account, but can definitely help with travel docs and may be able to make travel arrangements for you.
I was a Google employee at the time, and wanted to log in to an email with my first and last name@gmail.com. At the time I set up email forwarding so didn't have to log in at all for years.
Anyway I couldn't remember the password, and their security requirements at the time were different from today (no recovery email, no verification etc). And as a good security practice they also put cool down periods for trying passwords too fast...
Filed for a support ticket, they told me nothing could be done because of security of the account. I told them to send recovery info to the account in question (so that it would be forwarded to me), but they didn't. They also verifiably know who I am, and there was some amount of trust that it was my account.
I spent a few hours writing down passwords and copy-pasting to find out. Eventually did.
This shit is nonsense.
> Google says they can't do anything to help me! They can't kick him off or disable my account, I just have to be harassed and blackmailed, and goodness knows what else.
Not kidding - How do we know you are not the hacker?
In future please use 2F authentication otherwise there is really no way for anyone to tell who is the right owner.
If you're in a foreign country then you have to go to your embassy, they are there to help in situations exactly like this. Go in person if you can.
As time has gone by I've seen Google be less responsive to spam and phishing attempts. I've been getting substantially more attacks since 2016 and they go into overdrive around election time. I'm not sure what is going on because they are fairly obvious attempts. Examples include: a PDF on Google Drive shared with hundreds of people and text that is in Russian (I've translated a few and they want me to contact the embassy); very obvious spam emails like "Hey, do you still live in Illinois?" (I never have, but have had several password change attempts from this location (same IP even) and Google says "enable 2-factor", which I already have); emails that go to myname@gmail.com instead of my.name@gmail.com; phone calls (I have Fi) from obviously voided numbers (numbers almost identical to my own); and many more. Last election cycle I almost abandoned Gmail altogether.
I know there's Googlers here. So why isn't Google taking this seriously anymore? The attempts are so bad a naive Bayesian classifier could catch these! Worst of all, Google provides no help. Google should be preventing OP's problem in the first place (they seem to not be caring) and doing something to fix it when it does happen. As a user it just feels that Google is just becoming complacent in this activity.
1. Hit up @askworkspace and @googleworkspace on Twitter - loudly and publicly
2. Assume any passwords stored with your account have been breached
3. Start canceling all services and getting new ones issued
I wonder - if HN became a really effective escalation mechanism for Google support issues, then would it make an attractive attack vector?
That’s horrible.
My Google account was also suspended at a time when I needed it most, due to no actions of my own. A hacker gained access to it and was demanding Bitcoin donations in my name.
I tried every appeal process. I tried to backchannel through a great attorney.
I received an email years later that my entire Google account was being deleted from their tape archives.
I bought into the dream of the cloud, I transferred most of my data to GMail and Drive early on. That was all erased and I, after years of trying, never was able to contact a human. Nor was my attorney.
Google is a TERRIBLE company. Do not work there. Innovate them out of business.
This happened to me, I went through the Google account recovery process and it was recovered. I was a victim of an on the air SIM jacking of my phone - which suddenly went dead. I had 2 factor enabled, but once the SIM was jacked they reset the account and used the phone to capture the code. My name is the same as an Ambassador - which I am not, I suspect that once they did not have a high profile Ambassadorial account they just ignored it as nothing was deleted (unless Google recovery restored it to a prior state??) and after I went through the Google account recovery process, Google restored my account. After which I implemented a FIDO token system, which you can buy. It works like this, but you better make sure you guard your token = lose it = screwed. https://fidoalliance.org/how-fido-works/
I also suggest you download your mail archive every month using the google download process.
Well, this is not a solution for your situation, but for anyone reading this who doesn't want to be in your situation ENABLE TWO-FACTOR AUTHENTICATION on every account you have anything remotely valuable.
I once got a Hotmail account hacked and Microsoft was very much able to recover my account as long as I was able to provide them with enough information (old passwords, personal information, etc) to prove the account was mine, so I'd really try all Google avenues possible because it's your best bet for recovering your account.
If you can't access your money that's a banking issue, talk to your bank.
I spoke to Google on the phone and via chat, they said there is nothing they can do, except walk me through the restore process, which is impossible, as the hacker has the restore email and number. Google says only the account holder can make changes, yet I can't and someone else can. They have hung me out to dry!!!
If it were possible to just call up Google and get your account back then that's how people would steal accounts.
It's not very useful advice after the fact, but multi-factor authentication and recovery email accounts are highly advisable.
Yeah, one of my oldest Google accounts was taken over.
I even got an email saying password/info was changed. Logged in, recovered the account, then changed the password (!) and made sure my recovery email and phone number are good.
All good, I thought!
Nope, just an hour later they accessed it again! Apparently from a mobile phone (same model as mine). The hacker changed all the info again (!), the password and after that recovery was useless for me (kept saying it's impossible because we can't trust your device or some shit).
That's it, account gone.
Google really should have an option to disable any recovery options. I use strong passwords and have multiple backups of the password database. If the password is not correct, that's it, no access. I'd be very fine with that.
I do not want 2FA, tied to my prepaid SIM that I could lose (I also just buy a new one if I move country, no contracts, none of that bs).
I have detached myself from all of this online bullshit, I use my own backups, my own notes, Google is just for email (I have my own mail server, too) and Youtube (I have backups), I can lose them any time.
Your post sounds like a textbook scam sob story in itself. I am sorry if it's actually true.
I would really like to thank everyone for taking time out of their day to respond to me.
You can all probably tell I'm a bit of a dud with computers, maybe I didn't have my security as secure as it should have been, maybe I was using the 2f for something else and got them confused. I don't know, but I've learnt the lesson.
I have downloaded all of my precious memories, deleted everything on the account, it may have been too late as he's probably downloaded all my information already.
He tried to get back into my Facebook but failed but he is still messaging family and friends and posting on my Facebook as comments, he also linked his account to mine, I quickly deactivated it, even though I set up all possible security measures since this all started going on.
I've used USB storage for my data and completely reset my computer, I've made new and secure emails.
I guess I'm just going to have to live with the fact that all my pictures are going to be posted to the internet. Oh well, we all have taken compromising pictures I'm sure, I and everyone else will just get over it.
I can't wait to get back home, and hug my family, I'm never going to be high profile or a celebrity, so who cares.
Maybe I try to sell my pictures myself and beat him to it. Haha.
He kinda peaked already anyway, by sending pictures to my father. Thanks again dudes and dudettes, and I do apologise about my erratic post, I was in a huge panic.
Peace
I can't help, and I absolutely do not want to be rude, but IMVHO it's about time everyone starts thinking about personal IT autonomy.
I mean: the first computers for the (wealthy and educated) masses were desktops, designed to work in a decentralized network of desktops. It's about time to rediscover such a concept:
- can you afford a small homeserver? A simple Celeron/8 GB RAM/storage as needed? Well for most people that's more than enough to have with public IP/dynamic DNS with a not-so-crappy connection
- do you know how to set it up with FLOSS tools?
If the answers are yes I see exactly ZERO reasons to use someone else's computer. I can understand a student that lives day-to-day, I can understand someone who does not have enough knowledge to deploy something personal, but in other cases well... We are in 2022...
It's not just a matter of ideology, convenience etc, it's a matter of civilization: do we really want to arrive at 2030 owning nothing as the WEF wants? Because owning contracts with third party services already means owning nothing. If something is lacking on the software side, it's about time for FLOSS devs to look at it, perhaps instead of investing time in creating stuff on top of proprietary cloud APIs, which is by nature wasted time since those APIs can always change, dropping all works on top of them in a snap.
Hey guys thanks so much for your response. I do believe 2 step was going but the hacker changed the details to his, wiped my phone and with it, my Google authenticator and presumably set it up on his phone! I'm completely locked from making any changes yet I can still see my emails and stuff but I can't change anything or verify myself. I did use the authenticator app plenty of times so I'm certain I had it set up. Although I'm starting to doubt myself now.... It's a nightmare!
I see many commenters are implying I'm the scammer, I'm not so good with computers, I wouldn't know how to scam someone online. I asked Google if I could verify myself with my ID, driver's licence, passport, security questions... Anything! But they simply said there is nothing they can do.
Today I managed to get all my photos, I've contacted relevant companies and got my travel documents, I even managed to salvage my bank account - they were way more helpful and I was easily able to change my details and log in within 2 emails to them.
I deleted everything on my Google account, however I can see the hacker backed up all 100 GB of data I had on there, so he has that anyway. I then factory reset my computer.
I can't believe Google can do nothing.
The hacker is trying to blackmail me again today, he said he's going to put my pictures up online. Despite his efforts, he wasn't able to post as me this time, but he posted as himself on Facebook.
He did however link another Facebook account to mine, I deleted it quickly and deactivated the account, however he is still blackmailing my boyfriend with these pictures in Messenger.
On top of this, I got a positive covid test today so I can't fly home anyway, this is the worst trip ever! Urgh!
I'm fairly sure I had it (2F) and the hacker wiped my phone and got the authenticator on his phone. I could be wrong, I have set up the 2F today on everything.
I thought I secured my Facebook account today, I did every security measure possible and he was still trying to sign in.
He has posted my private pictures as comments on my posts and is sending them to my Facebook friends and family..... But this time from his own profile.
So I think I was quick enough in deactivating my account and verifying it wasn't me signing in on the 2F.
He's now threatening to post my pictures on the internet and adult websites. I'm not sure I even really care at this stage.
I've managed to back up all my photos and retrieve my travel documents as well as a bank account, thank god.
To top my day off, I got a positive covid test, so I can't go home and have had to cancel all my flights etc. anyway. I'm so exhausted.
And very disappointed that Google can't do anything about it. My bank got me into my account and changed my emails through chat today, yet Google can't kick this guy off my account. It's crazy!
2FA is just fine until you are SIM-jacked.
DO NOT use your phone as a recovery device.
Use another email provider for Google account recovery.
Then if you get SIM-jacked, the culprit can't get into your Google account because your jacked phone number won't get an account recovery code; it will go to your non Google email which you will receive, even if your phone can only access wifi.
Do make sure that your Google and non Google email accounts have super strong passwords.
Sadly I don't think anyone here can really help you. If it was possible to "recover" an account that you didn't have access to then anyone could take over anyone else's account. In fact support agents are trained not to respond to "I'm stuck in another country without money please help me out" requests since they are one of the top entry points for scammers.
As others have said, go to your country's embassy. Helping stuck tourists like you is their top responsibility.
Once you are home file a police report and start the process outlined at https://www.identitytheft.gov/. Consider that Google account gone.
The account of the victim, luluouise, is just as old as this post.
The job of ohasi, who is trying to help the victim, is: "Founder of Review Signal - We collected and analyze opinions shared on social media and turn that data into a review website."
The phone number of the alleged hacker is in Sweden or Belgium and ohasi had education from: MSc Entrepreneurship - Lund University, Sweden and MSc International Marketing and Brand Management - Lund University, Sweden
(from ohasi's profile listed links).
Is this a real issue for someone or is ohasi collecting opinions shared on social media?
this happened to me (minus the travel part, but the thief was from what appears to be a Southeast Asian country), I tried for quite some time getting attention because for about 2 weeks I was still being forwarded messages to my other address so I could observe what they were receiving which was... strange.
in any case my final attempt was contacting a group of people who wrote about account recovery [0] as a last ditch effort, unfortunately some emails bounced and no one responded.
my parents and grandparents occasionally still use my old email and I'm still bothered by it despite it happening over a year ago now. if there is anyone on this list working at google email, I have a lot of evidence showing I owned the account and I would love to have the opportunity to talk to a person about options.
[0] https://static.googleusercontent.com/media/research.google.c...
The only thing I can think of is to file a court case in the US. Not sure on how to go about it, or on what basis you can do it on, but that's what I would do if I had no other options. The sooner you do this the more likely they'll have backups they can restore. Of course you'll need to find a way to get to the US first (or find e.g. a lawyer to do this on your behalf), so best of luck.
One question. Whenever you try to change something in Gmail, they will ask you to verify via phone? Isn't that mandatory today? I don't believe you can simply change passwords without a phone. But I might be wrong.
Also can't you call your bank and request new access? They need to verify you, but that should be possible.
Last question. How did they wipe your phone?
Get in touch with your banks and your embassy. Google account might as well be gone, but try to prevent any further escalation.
> They then changed all my passwords, restore email, phone number etc. to their own email and number,
Are you sure they changed your restore number? I just checked on my account and it doesn't seem to be possible. Even if it is possible to add another number, Google should still know your old number?
You shouldn't do it but your only decent chance (without knowing someone at google) of getting your account back is probably to pay the ransom though I suspect this person is probably more interested in fucking with people than making money so I don't think your chances are good.
Small claims or tribunal. In Australia we have state based courts which you pay a small fee to, they’ll make a ruling and at least Google will give attention to the case it deserves.
It’s annoying, but it’ll work.
To help others could you please tell us more information... Did you have 2FA? If yes was it SMS or with U2F-key? Which country were you previously in? Did you change places?
You won't get it back, sorry. Even as a paid Google user they have the worst support I've ever encountered.
Curious what people are doing to avoid such situations? Apart from 2FA, two different email accounts for banking and other services?
If you have any logged in devices, run Takeout so you don't lose what's in your account if you fully lose control.
Keep trying to log in and reset the password; that will eventually lock the account. That’s my suggestion.
AWS requires a notarized doc proving your identity to gain access. It's a bitch but works.
this has happened to me. there are no resources for recovery or recourse anywhere in the world at all. google won't help you. law enforcement won't help you.
those accounts are lost. close what you can and open new accounts with 2FA.
And thank you to my dear friend who's tried to help me. What a star.
Never use google. Truly an evil company.
In the future: Do not use Google. It's too big to be practical. They are entirely incapable of telling legitimate access from fraud. I logged in to my childhood email from 20 years ago to prove I was who I said I was, I've been locked out for 3 years with no recourse.
This happened to a friend. His life was destroyed. The only person he could talk to was the FBI. They told him they get dozens of calls about this a week. On top of that, there's an exploit that allows anyone with a dot in their email to receive any other person's email; it's been active for 19 years. Google doesn't care whatsoever. Google has the worst infrastructure support. There probably needs to be regulation that if you're a company making over 1B a year in revenue, you need to have a basic escalation procedure and human decency... or you can't make any tax deductions, and it claws back 10 years, and it applies to all shareholders who own more than $1M in stock. Suddenly, they might answer the phone!