Sudeep's Blog

How i RECOVERED my hijacked GOOGLE account [in 6 days]

When i slept on 6th of December 2022 everything was fine until i woke up at around 7:30 next morning on 7th and found that i have been logged out of google my account from my phone.

Day 1 - (7 December 2022)

Action Required Google Account

For a second i couldn’t think of anything, i thought the session was expired and tried logging in i was shocked to see my password was changed 5 hours ago.

Password was changed 5 hours ago

I then suspected something is not right. I slept 8 hours ago and found out that my password was changed 5 hours ago. How can this be?

The panic began and i tried to login from my laptop and i got the same message. I tried the account recovery but all of my Recovery options including my Phone number, backup codes were removed and i was not aware of this, i didn’t got any notification since i didn’t had any recovery email. The hijacker has his own email address as the only recovery option . So, it was impossible for me to recover the account at this point.

All the recovery options Removed

I kept on trying but soon the hacker added security key as a backup recovery options and since my recovery options was all removed without my knowledge, i couldn’t recover my account. Then with the suggestion of my friends i went to police to file a report as that email account contained my Passport and visa details.

I started changing the email address on the important places such as my banking details and government websites.

Day 2 - (8 December 2022)

This morning, i wake up feeling depressed, panic and anxiety was killing me, but i was still researching on the internet. The only good thing was i had a hope. I tried calling google’s phone number but it would always say “Seems like an account recovery case, please head out to g.co/recovery”. I was too frustated with this. Even i sent email to google’s bug bounty saying my account was hijacked and included few of the more information but they closed the ticket mentioning, it was not under their scope. I spoke to google products support including Youtube and gmail but they would close the chat mentioning it was not under their scope.

Day 3 - (9 December 2022)

I had almost lost all the hope to get my account back but i kept trying. I was depressed and had lost interest in my job and life. Account recovery was not working even after trying for hundreds of time because i had lost all control of the recovery options. I then thought of posting the google community for help on about 9:15 PM through new google account that i created.

My Post on Google Community forum

Post on Google Community forum

Day 4 - (10 December 2022)

Posting into the google forum was the one good thing i did which gave me hope for the account recovery. The guy named The Didi replied to my post at about 3:24 AM. I provided him with my YouTube channel link and then i got email from YouTube hijacking team mentioning that they confirmed that my account is compromised and asked me for few more details. Until now, the hijacker posted illegal content over youtube which led my account to be deleted.

I am not too sure if i didn’t had the YouTube channel then this would work. On the research over the internet people were also able to contact YouTube on Twitter (twitter.com/YouTube) where they got prompt reply with the link to move ahead.

Day 5 - (11 December 2022)

After providing the more information asked by TeamYouTube - Channel Hijacking on the email at 3:21 AM, I then received the confirmation from them that my account was compromised and they disabled my account at 2:17 PM. Additionally, they provided me the instruction for recovering the account and asked for the contact email address.

Day 6 - (12 December 2022)

Finally, after reviewing my information, they provided me with the password reset link and i was able to change my password. It was a great feeling that i can’t express in words.

After getting into my account i checked the login and i found one of the suspicious login from Kaluga, Russia. Surprisingly i also saw that the first sign-in from that device was on May 19 which was around 8 months ago. I have no idea on this as well.

Login from Kaluga, Russia

So, this was my experience recovering my hijacked google account.

Questions in my Head

  1. How was my account hijacked? - I asked google but they didn’t provided me with an answer.
  2. Would my account be recovered if i didn’t had YouTube channel? - Not sure as TeamYoutube helped me to recover this time but i had account on PlayStore and Admob and not sure if their team could help.

Lessons Learned

  1. Do not use single email every where, use multiple emails for accounts.
  2. Use the account nobody knows on bank and other important places and never share that email.
  3. I used to think that Google is most secure and Google Drive, Gmail are the safe place but i was wrong.