Gmail is the most widely used email service in the world. It has over 2 billion users worldwide. Gmail is a free web-based email service offered by Google Inc. It allows users to send and receive emails from their computers or mobile devices.
The importance of Gmail has increased over time. It’s no longer just for sending and receiving emails; it’s also linked to all of your Google services and apps, such as Google Drive, YouTube, and the Play Store. So it’s critical to keep your Gmail account secure, but what happens if it’s hacked?
Sadly, my account was hacked, but I was able to recover my hacked Gmail account, and I wanted to make sure that nobody else goes through this experience, and that if they do, they know how to recover their Gmail account.
How did I notice that I was hacked?
People often find out they’ve been hacked for the first time, months or weeks after it happens, but luckily, I discovered my recovery email was changed the same day at roughly 4:25 a.m. I became skeptical and clicked the notification, which allowed me to access my Gmail account.
However, after a few minutes, the Gmail application locked me out of my account. I couldn’t log in to my Gmail account anymore, so I checked my notifications. I saw many messages indicating that my Google account phone number, recovery email, and password had all been changed.
I was worried that there had been a mistake, so I put down my phone (which had a small screen of 6.4 inches), walked towards my laptop, and tried to enter my Gmail password, but no luck. I even tried to retrieve my Gmail account with recovery methods, but as you are aware, my phone number and recovery email had both been changed. As a result, it was pointless.
I started evaluating all my Google services and applications
I knew my 15-year-old Gmail had been hacked at the time, but I wasn’t ready to accept it. Deep down, I understood that accepting it and moving on to the next stage was better for me because it would avoid additional data loss and make recovery possible.
I began accessing all of my Google accounts and services one by one to see what had been hacked or lost and what had not. After identifying a breach, my first objective was to piece together what happened, how big the breach was, and which Google services were compromised.
I noticed that Google accounts such as YouTube, Google Drive, and the Play Store had also been compromised as a result of the Gmail hacking. Google AdSense, AdMob, Google Search Console, and Google Analytics were all gone, which was devastating for a website author and developer.
I now understand the feeling that Norman Osborn experienced in Spider-Man when he was forcibly removed from his own company, Oscorp.
Then I gathered all of my broken pieces in order to avoid giving up quickly, and then I proceeded to recover items from hackers, which I’ll explain in the next stage.
The process of recovering and securing a hacked account
Although regaining control of whatever the hackers obtained is incredibly difficult, you can still take steps to reduce the damage or recover some data.
I tried to log into every Google service, including YouTube, Google Drive, and others, in the hopes of recovering or finding alternate recovery techniques. In the process, I managed to recover an important aspect of my website, which is Google Search Console. Here’s how I was able to recover my Search Console.
- Go to your browsing history and click on your website’s Google Search Console entry.
- Google Search Console will then ask you to verify your website with a verification file.
- Download the file and upload it into the public_html directory of your hosting.
- After the verification, it gives you full control of your site.
💡Tip: Use the same browser that you previously used to access Google Search Console.
If you use your Gmail account to log into numerous apps and services, it’s better to change that, especially if it’s related to banking or cryptocurrency. You must contact those services and inform them that your account has been hacked. It’s also crucial to inform your loved ones that you’ve been hacked and that they should refrain from engaging with any activity that originates from your account. The hacker may attempt to access your friend’s or loved one’s account.
How did I contact Google to report a hacking incident?
Just like you, I had no idea how or whom to contact regarding my Gmail account recovery and hacking. Whenever I encounter even the slightest issues, I turn to Reddit like rats fleeing a sinking ship. However, I was unhappy because I didn’t find anything useful, so I went to Facebook and learned that you need to contact the @YouTube Team on Twitter.
I’d already wasted half a day trying to figure out how to contact Google, so I quickly tweeted about my YouTube hacking to the YouTube team. The next day, I received a response from them, asking me to complete the Creator Support Hacking Form. It had already been more than 24 hours.
Remember that you’ll need an alternate Gmail account to fill out the form. Then I received the Creator Support Hacking Form, which I needed to complete within 72 hours. At the time, I was feeling optimistic and pleased to see some progress in Google account recovery of my hijacked Gmail account. The form asks for basic details like your YouTube Channel ID, sign-up country, etc.
Finally got my Gmail account back
After filling out the Creator Support Hacking Form, I received an important email from YouTube support ([email protected]) 49 hours after the hacking. In the email, they confirmed that my account had been hacked and provided me with all necessary details, including step-by-step descriptions of the modifications the hacker made to my account. The email also contained recovery steps that I had to follow in order to regain access to my Gmail account.
After carefully following the recovery instructions, I was able to reclaim my Gmail account as well as other Google services and apps. The YouTube team replaced the hacker’s phone number with mine, which made my recovery possible.
Things to do after recovering your Gmail account
These are the things that I performed after getting access to my Gmail account to make it more secure and prevent hackers from regaining access to my Gmail account again.
1. Set up a new password – This is the most important part when you regain access to your Google account. Set up a new, strong password. Ex: [email protected]
2. Change Recovery Method – The second thing you need to do is to change the recovery email and mobile number entirely. Also, make sure you fully remove the hacker’s recovery email and phone numbers, or any information you are unfamiliar with.
3. Check recent security activities – Go to myaccount.google.com/security and examine the security activity; this will show you all the security modifications that the hacker performed after gaining access to your Gmail account. To keep your Gmail account safe, you must undo those changes.
If you notice “Back up codes” stated in the recent security activity, you need to get rid of them and generate fresh backup codes; you can follow this instruction.
4. Turn on 2-Step Verification — This will increase the security of your Gmail account even more. Go to “Security” and, under “Signing in to Google,” enable 2-Step Verification.
5. Sign out of any unknown devices and apps — The hacker may still have access to your Gmail account from another device. As a result, it is critical to sign out of any device you do not recognize, such as a laptop, PC, or mobile phone. To do so, go to “Security” and sign out of all unknown devices under “Your Devices.”
It’s also a good idea to log out of any strange apps that could give the hacker access to your Gmail account again. Go to “Security,” then under “Signing into Other Sites,” click on “Signing in with Google,” and uninstall any strange apps you haven’t used before.
Bonus: Check your Google services and apps
The next step is to check your associated Google accounts, including Google Drive, YouTube, and other Google apps. If you have access to them, check to see if any data has been lost or if anything is missing. Check to see if the payment method for AdSense has been changed. If you notice anything odd or missing, report it to Google, and they will investigate it for you.
In addition, it took me four extra days to restore my YouTube channels, since the YouTube team needed to verify additional information, such as my IP address, the device from which the channel operated, and my location. So it goes to the right hand, despite the fact that I was prepared to capture it with both hands. Finally, they validated all my information and handed over my YouTube channels to me. They took down the spammy videos that a hacker had posted on my channel.
How did I get hacked?
No matter how cautiously or safely you browse the web, you can still be hacked at any time. I learned this when my Gmail account was hacked even after the 2-Step Verification was turned on.
My Facebook account was hacked, and I still haven’t been able to recover it because their recovery method is the same old dependency on email and phone numbers. The first thing a hacker does is remove all of the user’s data, such as email and phone numbers. It’s great that I was able to get my account deactivated.
As a result, it became more crucial for me to figure out what bug or tool the hacker was using to access my account. I haven’t resumed using my recovered Gmail account because I know the possibility of it being hacked again is higher.
I narrowed down my search to the Windows PC and phone that I use to sign in to my Google account. This is because, despite my using Two-Factor Authentication, the hacker was able to gain access to my Gmail account, which is unusual. This usually happens when Google’s security system does not detect anything unusual or suspicious while the hacker gains access to the account. It occurs when the account is accessed from trusted devices, because Google recognizes that you use these devices to log into your account regularly and so does not ask you to authenticate again and again.
Windows or macOS
Check your Windows or macOS device for unusual apps; if you don’t find anything and still have doubts, it’s best to format the device totally.
In my case, I knew it couldn’t be my Windows device because I recently purchased a new laptop and haven’t used it much or downloaded anything.
If it isn’t my Windows device, then it is most likely my phone that has been hacked. I looked through my phone for any odd or unfamiliar apps, but I couldn’t find anything. As a result, after taking a backup, I decided to factory reset my phone. Fortunately, I discovered the main culprit or device responsible for the hacking and took further precautions to secure my device.
💡Tip: You can use Malwarebytes on both Windows and smartphones to perform a speedy scan for recognized malicious software. However, in many cases, it is more effective to format your device to completely remove the malware.
Extra Tip: Secure your Gmail with 2FA Security Key
A 2FA key, or two-factor authentication key, is a physical device used for authentication that adds an extra layer of security to your online accounts.
It works by requiring you to provide not only your password, but also a physical object, such as a USB key, to prove your identity. This makes it much more difficult for someone to access your account without having physical possession of the key.
To use a 2FA key to secure your Gmail account, you will need to follow these steps:
1. Purchase a compatible 2FA key – there are several options available on the market, including YubiKey, Google Titan, and Feitian.
2. Set up 2FA on your Google account – go to your Google account settings and click on “Security.” Under “2-Step Verification,” select “Add a Security Key.” Follow the prompts to connect your 2FA key to your account.
3. Use your 2FA key to sign in – when you sign into your Google account, you will be prompted to insert your 2FA key into your device and touch it (or follow the manufacturer’s instructions) to authenticate your identity.
Using a 2FA key makes it much more difficult for hackers to gain access to your account, even if they have obtained your password through other means.
What should you learn from this?
I would like you to keep in mind a few things when you leave this article and get back online. What can we do if we find our Google account compromised? Let me summarize the tips on how to deal with hacked accounts.
- Please do not click on any link, no matter how tempting it appears to be, or download any unfamiliar software or tools, particularly from a dubious website.
- Make sure you regularly check for any suspicious app and delete apps that you no longer use.
- Turn on 2FA in your Gmail and other apps. Make sure to download your Google backup codes and install the Google Authenticator app; follow the procedure here.
- Make sure to create an alternative Gmail account. If you don’t have one, make it right now.
- Do not panic if your Google account is compromised; instead, attempt every recovery method available. If the hacker has modified the recovery method, try logging in using the backup code or the Google Authenticator app.
- If the above method fails, try contacting @YouTube Team on Twitter. They would definitely help you.
- After recovering the Google account, change the recovery email and phone number, set up a new password, and check recent security activity to learn what changes the hacker made, then undo them.
- Try to find the mole in your Windows/macOS or Android/iPhone devices; otherwise, factory reset all of them to be on the safe side.
- Don’t forget to inform your friends that you’ve been hacked, and don’t engage in any activity related to your account.
- You can further protect yourself from hacking by following these Tips for Staying Safe Online.
Fortunately, I did not experience any loss of data, despite the fact that a Gmail breach can have major effects. In my instance, rapid action from my side and the YouTube team prevented data loss, which could have been disastrous. Always keep in mind that taking immediate action will save you and your precious data. I’m hoping you’ll be able to recover your Gmail account as a result of this.