Google Blogoscoped


What If Your Google Account Was Stolen?  (View post)

Datrio [PersonRank 1]

Friday, November 9, 2007
16 years ago41,207 views

What do I do? I google up the guy who stole it and steal his data!

Seriously though, I'm not afraid of my Google history. I'm backing up my Gmail and Calendar, I have a copy of every Google Doc, and I don't store any other passwords inside Google services.

Security, kids. Don't forget about it!

Ionut Alex. Chitu [PersonRank 10]

16 years ago #

Probably write a blog post about it using another Google account. This will surely be an important subject for blogs and press, and because it's Google's fault, they should be the ones who block the accounts and solve the problem. But I don't think it's possible for them to reveal the raw passwords.

/pd [PersonRank 10]

16 years ago #

A) Create another Gmail accounts
B) Notify Gmail support
C) post to Gmail groups – your userID and pwd and ask someone to hack that account
D) Notify all your FB and linkin contacts of change in email address
E) Import all FB and linkin email addy to new gmal account

and now you should be back to 99% normal.. other then losing property in gmail / blogger etc etc...

Tony Ruscoe [PersonRank 10]

16 years ago #

I'm not sure. I think I'd go with Ionut's approach and try to get the word out on as many blogs as possible. I'm sure there's some way they could verify it was your account by asking a series of detailed questions, like which IP do you usually use to access the account, when did you create the account, what feeds were you subscribed to in Google Reader, have you ever purchased anything using Google Checkout, etc. But that would obviously take a lot of man hours, so it's unlikely they'd do this unless it was a high-profile single case.

On a related note, how many would be willing to personally identify their account to Google through using your home address and / or bank account / credit card / some kind of PIN (a bit like they do with AdSense) so that in that instance, you could quite easily verify it's you who the account belongs to? (Bearing in mind that this is even more information which various governments could then ask Google to divulge if they thought they had good reason!)

I wonder whether you could already do this anyway to reclaim your account if it got compromised and you had already setup an AdSense or Checkout account...

INFORMANT [PersonRank 1]

16 years ago #

What to do? You're shit out of luck if this happens. Unless you are a business/enterprise customer, expect only automated emails and links back to the endless help pages.

J. McNair [PersonRank 10]

16 years ago #

Put my head between my legs and kiss my butt good-bye?

Well, seriously, I'd behave like any victim of identity theft. Change my credit cards, notify all my online shopping services, banks and contacts. Rage and despair at Google to lock my accaount and get me my #[put at-character here]$%ing data back. Notify local and federal law enforcement for my district and country.

Take no chance and assume nothing is safe. Nowadays, many services (banks, shopping, taxes) require an email address, so having my Google Account fully compromised is no different from identity theft any more. This goes for any primary email account compromised.

Since I'm fairly skeptical of Google (while being a major fanboy), I have local backups of almost everything I actually upload to Google (pictures, videos, etc.). Rebuilding my RSS feed list and Youtube favorites would be a pain, but not terrible.

I hope Google continues to make their services Gears offline-enabled, with options to export to sensible, usable formats (h.264 for Youtube, XHTML zip for Blogger, etc). Mind this is already possible for many of them, and with GMail you can use an IMAP client to download your mail (but not Chats). But often it's not easy or straightforward.

SadPerson [PersonRank 0]

16 years ago #

Crap my pants

DaveB [PersonRank 3]

16 years ago #

Go to Googler blogs (Matt Cutts) and beg for them to put me in touch with someone that can help.

Phil Nash [PersonRank 1]

16 years ago #

Blind panic I think!

I'd really have to get it back though, as I have all my online activities running through gmail.

Good point, I think I'll start backing up my accounts now!

Ricardo Sánchez [PersonRank 1]

16 years ago #

Quote: "On a related note, how many would be willing to personally identify their account to Google through using your home address and / or bank account / credit card / some kind of PIN (a bit like they do with AdSense) so that in that instance, you could quite easily verify it's you who the account belongs to? (Bearing in mind that this is even more information which various governments could then ask Google to divulge if they thought they had good reason!)"

Seeing how governments around the world can get your IP from Google and then go to the ISP (which usually have even lower moral standards than Google) and get your address, I would not mind Google having and checking my real address or other sensitive data, if this would grant me a protection from account theft.

Shankar Ganesh [PersonRank 1]

16 years ago #

Panic, F5 (Refresh)

Opens >> Cool

Else >> Die


Barry [PersonRank 0]

16 years ago #

Just make sure you have secondary email address setup on it.

Nacho [PersonRank 1]

16 years ago #

Freak out, run out the streets screaming in terror until I hit a mailbox or something and go unconcious. Then, get back to my computer and get in touch to someone in Google who can restore my account.

/pd [PersonRank 10]

16 years ago #

Barry, that link will just go to the in box of your hacked email account..

so what good is that step ??

BUGabundo [PersonRank 7]

16 years ago #

Barry: and if the "robber" would change that email too?

Lorenzo [PersonRank 0]

16 years ago #

That happened to me, this summer!
Not for Google fault, but for eBay fault, and my ingenuity.
I was using for ebay account the same password i was using for Gmail. During the summer a lot of ebay accounts were stolen from their server (used this accounts to sell things...): this nice guy found that with the same password he could take also the email account associated to the ebay account... that meant for him: no possibility to take ebay account, except contactin ebay assistance (so, no possibility).. why not???
when i came back from holidays i tried to log to read my email and found that my account was stolen.

i swear, that was HORRIBLE.
i was really really depressed.
after a LOT of email to google guys with LOTS of details about my account (to demonstrate my propriety) i had it back.
it took 10-15 days (was the end of August)
but my account was CLEARLY stolen, this guy selected Korean language (i'm italian), put random passwords and secondary email.
and i had this account since 2/3 years, with same password, so it was not even to investigate

Peter [PersonRank 0]

16 years ago #

If you have a secondary address on another service, it could very well work. Yahoo, MS Live, etc – all free e-mail addresses that will last for quite some time. Now if your password happens to be stored somewhere in Google – you're have some potential problems. Hopefully that hacked account hasn't really been looked at yet. :)

I don't know if it's still the case, but when I signed up for Gmail, I had to have a second address in order to activate my account. Perhaps that's no longer the case now that GMail's freely available.

Raffaele [PersonRank 0]

16 years ago #

Tony Ruscoe [PersonRank 10]

16 years ago #

/pd, once you've entered your Gmail username and it is accepted, you then have to complete the captcha (no email has been sent yet) after which, this happens:

<< A message will be sent to the secondary address you listed for your account. Please wait a few minutes, then check any email addresses you might have listed as your secondary address. >>

Providing the identity thief hasn't changed this email address, you should be fine. (Having said that, I'm not too keen on the idea that this thread could be used by a potential identity thief who wants to know how they should best cover their tracks...)

chipseo [PersonRank 1]

16 years ago #

Trying to get the account back would be priority number one of course, but all my gmail accounts have backups. I have every single message being forwarded to another gmail account with a different name and password, just in case. :)

Sankar Anand [PersonRank 10]

16 years ago #

I will try to use any alternative options to retrieve my password like the forgot password thing and all...

if nothing works i will simply hate google and don't use any of their services

/pd [PersonRank 10]

16 years ago #

Tony, I hear you on the "not too keen on the idea that this thread could be used by a potential identity thief "!!

Mickey Mellen [PersonRank 1]

16 years ago #

I had someone hack into my secondary account (Yahoo) and use that to reset the password on my gmail. I have no idea how they knew the accounts were related, other than the fact it was the same username.

Fortunately, they were stupid:

- Changed the password on my gmail. (smart)
- Left my secondary at Yahoo.
- Didn't change my password at Yahoo.

I was able to reset it again to Yahoo, then quickly change both passwords to long, obscure, number-ridden passwords. Admittedly, they were too easy before.

I also changed my secondary to an obscure account so that someone couldn't pull that trick again.

Scary, indeed.

Ben Allen [PersonRank 10]

16 years ago #

I say authorizing a Password change should become more personal with a call from an automated machine allowing you to confirm or deny it. If it was not authorized by you, Google should automatically freeze your account and puts you on a waiting list for customer service.

That's the kind of Gmail features I want.

If it was stolen I'd have a panic attack. I haven't backed up much (besides picasaweb and google docs) My notebooks and Gmail would be gone.. :|

Inferno [PersonRank 10]

16 years ago #

If hiring a hacker for some hundred bucks is allowed than I would definitely do that to track the culprit down and hit him in his face!!! ;)

Sour Grapes [PersonRank 1]

16 years ago #

You can easily back up a Blogger blog by importing it into a WordPress blog. Takes one click of the mouse every week or so, or however often you remember.

I have lots of Gmail addresses all feeding into one central address, with copies staying on the original address inbox. Those inboxes are just sitting there filling up with back-ups, with capacity nearly 5 Gb apiece at this stage. So if one goes out for any reason, all the rest are still there. An ID thief would need to know all my addresses and all my passwords. Good security also means minimising the effects of a catastrophe.

Joe [PersonRank 0]

16 years ago #

So what can you do if you no longer have the original e-mail with the verification code? Is there some way of generating a new code while you still have your account, just in case you need it later?

photoactive [PersonRank 10]

16 years ago #

I don't back anything up. I'd be devastated to lose access to Docs particularly. I should start backing up. One problem I reckon with at the moment is that I change the password on my main Gmail account every few weeks, for security. But on secondary accounts I use the same password, which is also the password I use on numerous websites so long as I'm not too concerned about security implications. I can't be remembering 16 different passwords. So although I've considered using secondary Gmail accounts to back up my primary one, it's the secondary ones that are much easier to hack into, because the password's easier to find. So I'd be making myself _less_ secure rather than more if I started backing up emails online.

Veky [PersonRank 10]

16 years ago #

Strange. _Nobody_ wrote what I would, practically on reflex, do if I found that somebody stole my account. (Probably shows how naive I am.:)

Of course, I'd send a message to my gmail address:
I was the owner of this account until today. The data in it are very valuable to me, though I assume they present almost no value to you (besides, you can copy them as you wish). So, I think you'll gladly agree to my offer: I'M WILLING TO PAY €100 ($150) to have my account back.
Please reply to this email (even if you decline my offer), and I hope we can arrange the payment and account transfer. I haven't yet reported this to Google, and I sincerely hope it won't be necessary.

Worth €100? To me, sure. And why the hell should he decline that? :-)
Ok, there are problems of trust (should I first send the money, or should he first send the valid password?), but we can probably find someone we both trust to make a deal.

John Connor [PersonRank 0]

16 years ago #


DPic [PersonRank 10]

16 years ago #

I'd post about it here immediately.

Roger Browne [PersonRank 10]

16 years ago #

[put at-character here]Veky: that reminds me of the people who leave $100 on a shelf near the front door, in the hope that any drug addict who breaks in will steal the $100 and run for it, instead of trashing the house looking for other valuables.

It helps in the short term, but causes more problems for society once the crooks catch on to what's happening.

Rolf [PersonRank 0]

16 years ago #

For the outside world, my mail looks like it's comming from my own domain (if you don't look to hard at the headers). Merely rerouting the delivery address of my domain solves the immidiate communication problem, and my friends probably won't even notice that I had a (hacked) google account.

Next step is to contact Google about how to get my account back, or at least my content blocked from viewing by the "new owner" of the account.

Bottom line: allways ensure there's no "single point of failure" in the chain. You can blame Google for being a point of failure, but not from being the SINGLE point of failure in our specific case I guess.

I like Google, but I hope my data stays safe there... Even though it sounds like I have it al under control, I think this would be really scary...

Rolf [PersonRank 0]

16 years ago #

Oh and for the "giving money" tip: I'd never, ever give money to a crook to reward him for his crime. I'd rather spend months recovering everything. Crooks should not be rewarded, but punished. Severely, and very publicly. So the next wannabe-Crook thinks again before trying anything.

/pd [PersonRank 10]

16 years ago #

just in .. most fitting for this thread :)-

"Seventeen Indicted For Cybercrime And ID Theft In New York "

Rob Fuller [PersonRank 1]

16 years ago #

Vecky, the hacker would reply to you immediately and ask for €1000. Or more....

Veky [PersonRank 10]

16 years ago #

[put at-character here]Roger: Of course, I assume that would be an isolated incident, not a global problem.

[put at-character here]Rolf: So, if you for example lose a wallet, offering a reward for the person who "found" (stole) it is morally wrong?

[put at-character here]Rob: So what? I'd refuse that, and reiterate my offer for €100. If he refuses, then I'd go to Google (and I'd tell him that in advance). €100 is not just some random amount of money, it's really my rough estimate of a value of (possession of) my Google Account data to me. €1000 is ridiculously more, and I doubt he will be so stupid to ask for that much.

wolfcrane [PersonRank 1]

16 years ago #

This happened to me. Finally got my account back.
I wanted to clarify what happened, and asked Google: Was my account indeed hacked, or was it a tech error? They replied by saying:
"in accordance with
state and federal law, it is Google's policy to only provide such
information pursuant to a valid third party subpoena or other appropriate
legal process.

If you have additional questions about obtaining such information, please
feel free to contact us at our legal dept.."

So what do I do now? Thanks to Google's great customer service?
Twiddle my thumbs and hope my good name isn't ruined?

One thing I did do, is subscribe to a premium e-mail service that will give me customer service & tech support anytime I need it.
Remember you get what you pay for. Gmail costs nothing, so don't expect anything else.

Grimmthething [PersonRank 2]

16 years ago #

Everyone should have one gmail address that forwards to the one they check. Then you would only lose either all your info, or your account but not both.

AJ Batac [PersonRank 0]

16 years ago #

It is a good day to die. :(

Armand [PersonRank 0]

16 years ago #

What i do, craying, screeming, & more craying, and maybe kill myself.

Jabapyth [PersonRank 1]

16 years ago #

how responsive is google support?

Keith Chan [PersonRank 10]

16 years ago #

I would screw ... everything I have online .. is with Google .. all emails, documents, vidoes .. GONE!

zwetan [PersonRank 1]

16 years ago #

A pretty safe proof of ownership of the account
is to make a screenshot of your gmail inbox
or even regular screenshot (like every month)

sure a screenshot can be faked, but
done well you could prove that at this n time
your account was in a particular state
and this is pretty hard to fake ;)

I'm surelly too trusty towards google to keep my data safe,
and if my gmail account was stolen ahem I would be in BIG trouble,
but considering I use about 10 google services connected to
this particular gmail account that would help also
to prove that the account is mine (content, online activity, etc.)
and help me get it back.

Also I don't really see any use in backing up a gmail account,
google servers, google data servers, etc. are my backup.

Ok i'm not so naive, I always connect to gmail using https
and my password is pretty strong, so for someone to first
hack into my account he/she would need to find it
and for that good luck :D.

Andrew Bell [PersonRank 1]

16 years ago #

Veky makes a good point, however much he asks for the second time, once you persist on paying a set price he will eventually fold.

Accounts on the undernet or on mIRC are usually sold, and for as little as $20 each, $9 in bulk (I don't know this for sure, just heard about it) as are myspace accounts these days, who buys those? people who want to spam user lists and so on.

Anyway, I make a note not to have anything of real value to me online ata ll, and when I must, on my own server protected as best as I can. The internet unlike the real world is less secure, and lawless if I can call it that.

Just be safe and don't do silly things like email your friend your credit card details, and forget to delete the sent mail (you should not be as stupid as to send such info over the internet in the first place as anything sent electronically these days can be intercepted)

sorry to all those who have been effected by this before. Live and learn.

wolfcrane [PersonRank 1]

16 years ago #

My password was a random series of letters, numbers, and special characters (ie:![put at-character here]#%). I did not click on anything, and I have some major security programs on my PC.
Your Google account CAN be hacked! How, I don't know. I have been told it can, by those that know how.

Remember: putting all of your eggs in one basket can be a big loss for you: all those services and apps can be gone in a blink of an eye. What happens when the handle on the basket breaks?

an answer to:
Jabapyth [PersonRank 1]
9 hours ago #
how responsive is google support?

they are not responsive. You will be lucky to hear from them in a bout a week, and it will be a standard formatted reply. They will not tell you what happened, just that your access has been enabled again.
I was a huge fan of Google, and a big proponent of Google & it's services. I urged everyone I knew to use Gmail, and the other services.
After this fiasco, no more. I will advise caution when using them.
I still use Google for some things, but after this lack of customer service & tech support, I have started looking at other sites to meet my needs.
It was my own fault for not having an e-mail service that would listen to me. That has been corrected.

Rohit Srivastwa [PersonRank 10]

16 years ago #

What Matt has to say here :) ??
Any suggestions Matt?

Rohit Srivastwa [PersonRank 10]

16 years ago #

Raffaele's solution sounds good but is it possible to remember all this BOLD feilds

like –
Account creation date:
Password change date:
Other Google services you used with this account and the date you started using each one:

Stephen Meyers [PersonRank 0]

16 years ago #

I had my gmail account stolen. He changed my password and secondary email, which makes it nearly impossible to get in. I was still logged into Google talk though, so i could see the headers of all the mail i was getting. That punk also changed my name. My ebay account was also hacked, and the thief tried to buy every wii, playstation and xbox on ebay that they could. Fortunately, not many people ship to Nigeria and ebay is very forgiving when they see you're not from Nigeria (i live in Virginia.)

After I cleared up the ebay mess, which took all of 20 minutes, I filled out a security breach form for gmail and gave them all kinds of info. The more the better. Obscure things like original invite address, who invited me, common chatted to and IMed contacts, etc. I also mentioned the ebay mes and the crazy Nigerian address. Then I waited it out without trying to connect to my account.

After reading forums about people who had the same issue, I concluded that it would take 5-10 days just to get a reply from Google, and then another 5-10 to get your account fixed, if they could. So I was planning to be out for a while. To my surprise, Google contacted me in 3 days and had me reset my password and I had my account back.

My suggestion to those in a similar situation is to tell Google all that you can about your account and then to sit back and relax, because there is nothing more you can do. Google did a good job, but i still hate Nigeria.

Elias Kai [PersonRank 10]

16 years ago #

This is going to happen now, tomorrow and forever with any mail system.
There is no fully secured system or society. Everything is vulnerable and mostly because it is used by humans.

zeco [PersonRank 1]

16 years ago #

Google really needs to do something about this. Recently a friend of mine almost lost his account because of an accident while changing the password (I'm not entirely sure how it happened exactly, but he's not a noob). The problem was, he didn't know which secondary address he had given, back in 2004. Luckily he remembered and was able to regain control of his account. --phew--

Not only would I get suicidal thoughts when loosing my personal account for whatever reason, I'm also dealing with a lot of newbies who frequently ask me about computer problems, which I usually can solve. I would be deeply heartbroken if I had to tell someone that nothing could be done in such a critical matter. I can only imagine what the Gmail helpdesk has to deal with, every day.

Usually you might say that it's everyone's responsibility to keep backups and if something's free, you are at fault if you trust it too much. But Google is clearly inviting people to organize their whole life on those accounts while having them dangle on a single username and password.
Also there are no simple to use backup methods, you have to use Imap on Gmail and different things for the other services, which will take forever.

So here is one idea (at least as long as DNA- / retina-scans aren't feasible) to make accounts more secure:
How about a super-password similar to the PUK of a mobile phone?
A secure string which will be randomly generated by Google, which the user can optionally activate and store somewhere safe?
There should be lots of different options, I would probably use them all. Also I want to permanently disable the "delete account"-option, as I'm absolutely 10000% certain that I won't ever use it.

Matt Cutts [PersonRank 10]

16 years ago #

I tihnk the official documentation gives this page for stolen accounts and what to do about them:


Veky [PersonRank 10]

16 years ago #

> Also I want to permanently disable the "delete account"-option, as I'm absolutely 10000% certain that I won't ever use it.

LOL. It's funny how people sometimes believe things are permanent.
Suppose Brin and Page die in a plane crash tonight, and try to extrapolate few months into the future.
Are you still so certain?

pokemo [PersonRank 10]

16 years ago #

my bursamalaysia[put at-character here] has been stolen...till now...i still could not get back my account...finally i give up...:(

Sometimes I like Google, sometimes, i feel very disappointed with Google...

Rohit Srivastwa [PersonRank 10]

16 years ago #

Thanks Matt
But do you think its easy for anyone to remember those dates?
should we all start keeping those details available somewhere so that it can be used in emergency.

Anyway how to know "Account creation date". Is there an option where I can check that cause i seriously don't remember it :)

Catalin [PersonRank 0]

16 years ago # – Afaceri, Oportunitati afaceri, Ghid Afaceri – Google

Ianf [PersonRank 10]

16 years ago #

Matt Cutts: "[...] the official documentation gives this page for stolen accounts and what to do about them:"


> Email address you use to log in to your account

What EXACTLY is meant by that? Since when do we use"email accounts" to log in to an [Google Accounts/Gmail etc] account? We use an account-id and a password. If what is meant here is "name of the account that was hijacked or broken into" then why doesn't it say so?

The entire questionnaire seems to have been constructed by robots with no understanding of how people label information quota. Least of all people with non-English mother tongue and/or such lacking the necessary CompSci credentials to understand gooblegydook.

> Verification link from your "Google Email Verification" email

Which link of course everybody of us has printed out and/or tattoed on the inside of our eyelids.

Frankly, the amount and granularity of precise answers that are requested here for regaining an account are mind-boggling. How are we to remember all that UNLESS Google generates such a composite reminder-of-vital-data-needed-for-recovery-in-case-of-... and mails it periodically to emergency adresses, not Gmail, with an admonishment up front TO PRINT IT OUT and then to delete it from any --potentially compromised-- electronic storage. Or something. Anything but that largely unintelligible form that adds to, rather than alleviates, the stress of the injury. Google should rethink this issue and come up with some guaranteed method of recovery that doesn't rely on such Google-centric data items as "when one has changed one's Orkut password last, etc".

zeco [PersonRank 1]

16 years ago #

So grab a pen and write down the following data:

the following email's date of origin:'s+what+you+need+to+know.%22&source=navclient-ff#search/subject%3A%22Gmail+is+different.+Here's+what+you+need+to+know.%22

the verification link inside this email:

As for the other data (date of each service actication??), everyone has to find his own method to recall them. Perhaps you'll find them mentioned inside some of your old emails / chatlogs.

There are different methods of storing such information in the physical world securely, eg some fake records in your personal phone directory / anniversary calendar, on the inside loop of some old CDs, -you name it.

Guy [PersonRank 0]

16 years ago #

Why are you planing to hack my account?

Christina M [PersonRank 0]

16 years ago #

Folks, backing up is merely missing the point. The real harm if you were hacked isn't what info you would lose, but what info the hacker would gain.

One simple protection is to use a different google password than your passwords for other things; but if you still got hacked, the hacker would have access to any information you have stored there. I'm going to look for somewhere else to store some of the info I've stored on google in the past. Somewhere not available by login online.

meda [PersonRank 0]

16 years ago #


Andy Wong [PersonRank 10]

16 years ago #

Because it's Google's fault, they should be the ones who block the accounts and solve the problem. And this is possible.

What the bank will do if you lost your password and it was your fault? Your bank will surely provide assistant if you have cross references to prove your identify, such as ID cards, bank statements and other info.

I would suggest that Google provides such service: Ownership Protection.

Google has to do the job cooperating with banks, post offices or other credit organizations. You need to tell Google your identity, and associate your Google account with your bank account. If you have your Google account stolen, you will need to go to the bank and show documents of proofs. Then you or the bank may notify Google to reset the account.

Because your bank is doing business with you with your real identify, so the bank is responsible to recovering your stolen bank account, and is able to.

All the goodness of recovering stolen Google account is only possible provided that you give up your anonymity of Google account, and do business with Google with your real identify.

Of course, such service will come with a fee charged by the bank and Google, if it was your fault losing the account, and the bank and Google together assist you to recover the priceless account.

I have more details covered at

J. McNair [PersonRank 10]

16 years ago #

It's interesting that we are in such a time that an online account with an e-mail address is becoming much more of a Universal ID than those little cards governments want us to carry around.

[put at-character here]Cristina
Hey, that's a good idea. I also liked another poster's suggestion of rotating your password once a month, just in case. This is similar to information security policies at major companies. Still, if your account is hacked a unique and inconstant password just delays hackers from getting to your other services.

[put at-character here]wolfcrane
That really sucks. I hope that was BEFORE Stephen Meyers lost his Account.

[put at-character here]Stephen Meyers
I'd love for Google support to be that good. Of course, I'd love better to never have to need them.

Pam Scott [PersonRank 1]

16 years ago #

You give Yahoo! another try....,1540,2208000,00.asp

sandeep [PersonRank 1]

16 years ago #

In this case we should contact google support centre and also post ask for their help in google official blogs and groups and hopes that google as a responsible and reputed company will take care of this.

[Signature removed – Tony]

wolfcrane [PersonRank 1]

16 years ago #

It happened to me just a couple of weeks ago. I am still investigating it as much as I can. I doubt I'll ever find out what really happened, unless I want to hire a lawyer, and subpoena Google for the records.

J. McNair :
[put at-character here]wolfcrane
That really sucks. I hope that was BEFORE Stephen Meyers lost his Account.

Amy [PersonRank 0]

16 years ago #

Hmm, I read the original post as an attempt to get people to think about not putting all their eggs in one basket (so to speak).

Backing up is not the point, nor is responsiveness by tech support the (main) point.
The point is that the person who broke in can obtain-- if you are not careful-- a lot of data about you that would not normally be so easily connected. Your spreadsheets, documents, appointments, what feeds you like to read, your search history...

[For myself.. I have multiple google accounts and use them for different activities. I actually avoid using gmail for much personal mail, rather more for storing list mail and interesting online articles.]

Phillip's Fan [PersonRank 0]

16 years ago #

Secondary Yahoo ID email is set to auto forward mails to my gmail id of which the password is gone . haha

Matt Cutts [PersonRank 10]

16 years ago #

Rohit and Ianf, I take your points that it would be nice if we could do more or make it easier for people that have their accounts stolen, hacked, or lost. I passed the feedback on in a couple places that it would be nice to take a fresh look and see if we could spot some ways to make things easier for such situations.

Avrohom Eliezer Friedman (AEF) [PersonRank 10]

16 years ago #

Matt – Hw does one become a trusted tester?


Swaroop [PersonRank 1]

16 years ago #

I am not a diplomat or hardly do any un-social activity.. And i have a long-not-so-common mail address which ppl who are steal-its-a-kool-nickname would keep away from :)

Sourav [PersonRank 0]

16 years ago #

Yes, google needs to make things more simple for everyone...

Ralph [PersonRank 0]

16 years ago #

Losing may mails wouldn't be that horrible; i have them backed up anyway. As for Google Docs: I don't use it.

Google should introduce something like eBay did with its "trusted users" – use snail mail or credit card to verify a user and provide them with a lockdown- and get back-code via snail mail. Or use certificates in the browser for login.

As long as there's no enhanced security to protect – and in a worst case scenario get back my ID/account -, i neither can rely on or trust Google (or any other web app) with sensitive stuff.

Live Mail [PersonRank 0]

16 years ago #

What would we do? Shouldn't we be asking Google what they must do to prevent such thing?

Dave the CFRE [PersonRank 0]

16 years ago #

This happened to me last week with my gmail account – part of a Nigerian Scam using facebook.

I haven't heard a peep from Google about it. This is despite my emails to Google/Gmail tech support, to investor relations (I own some of their stock), and others.

I started to blog about it here –

Why on Wordpress and not Blogger? Because Google hasn't done anything to help and I've decided to stop using my Blogger account.

I realize that I may not get the actual email account back but I want them to shut down the account so the person who stole it stops sending spam about me being stuck in Africa needing $1800 wired immediately to a hotel in Lagos.

Facebook fixed my webpage with them in less than a few hours with only one email.

Google doing nothing = priceless.

Shawn Levasseur [PersonRank 0]

16 years ago #

This is where Google Apps for your domain is the best way to use Google's apps.

If Google drops the ball, you can always point the domain to new servers. So you don't have to go through a change of address notification hell.

(Having your own domain is a good idea for e-mail address portablity no matter what you use for e-mail)

engtech [PersonRank 1]

16 years ago #

It happened to me two weeks ago because I had the password recovery email address set to an old email account I'd loss control of.


Justme [PersonRank 1]

16 years ago #

Who will use google account to store serious information?

I don't...
I won't...

cubicleanimal [PersonRank 0]

16 years ago #

That would be OK. The day I created my first free online email account, I was prepared for one thing ...someday someone will hack into my account on the web. So how do I make sure I never regret? not keep any important information on those accounts. Trust the home desktop PC or your laptop (encryption feature turned on) for keeping your electronic documents safe.

tenderfoot [PersonRank 0]

16 years ago #

A question for the experts out there:

What is the best way to backup Gmail messages, assuming this is possible? For example, is there a program you can install that will save each message on your hard drive as a backup?

Any suggestions would be appreciated..

Dustin Correale [PersonRank 0]

16 years ago #

I've had this happen before. I had my identity stolen, and in the process, my gmail account. I contacted Google, and they closed everything, but they wouldn't restore the account for me. I thought it was a reasonable request, and I could have easily proved my identity, but they wouldn't work with me. The customer service system was also incredibly difficult to deal with. Don't get me wrong, I love Google, but I was a little disappointed. Heck, my email account was dustincorreale[put at-character here], which is just my first and last name, so I thought for sure I'd be able to get them to help me out. I guess technically, they did when they closed the account so it couldn't be used fraudulently. I still wish I could have kept the account though. Starting from scratch is always a pain, not to mention i couldn't have my name as my address anymore.

Juno [PersonRank 0]

16 years ago #

Well this would be very freaky, but it can be true, because several times I have received emails from google to confirm my password change to one of my accounts, when obviously I have never even attempted to do it. Luckily, I have 10-15 letter passwords for almost anything I do online. I tend to change and randomly rotate them once or twice every 3 weeks or so. One of the times I got this email, I actually emailed the Oogle people and they said nothing was compromised and that it was probably just a mistake by someone who entered the wrong username.

lilfrea [PersonRank 0]

16 years ago #

Use Thunderbird/Outlook to POP into gmail. Download all the messages and archive them.

Twan van Elk [PersonRank 1]

16 years ago #

Okay, one thing a learned the hard way: there is no Google support. So don't put you important mail on Gmail. Use the services provided by your ISP or at least services provided by a company that has tech support you can e-mail or get on the phone.

BTW, a tip: there's a difference between a Google-account and a Gmail-account. Don't connect the two and you're relatively safe. Your Google-account can be connected to your real (not Gmail!) e-mailaddress (maybe you have your own domain?). If you wish to delete it and start anew, you can do so without any trouble, as far as I know. Not so with a Gmail-account: delete it once and you can never get it back.

Ianf [PersonRank 10]

16 years ago #

[put at-character here]Matt Cutts []: nice to hear you listen ;-))

Any stolen-account recovery redesign --my hastily sketched idea outlined in #id114577 was just that, in all haste-- would need to minimise the amount of worry, and actual work of both the "hijackee" (or claimant), and Google. It'd also need safeguards against potential false claimants = WANNABE-HIJACKERS. I don't have all the answers, but I *think* this would go some ways towards solving it:

1. The very second mail after the initial "Welcome" msg should consist of an IN-CASE-OF-FIRE-doc that's to be printed out and then deleted outright – complete with a sermon on password-picking/ "account defense" strategies etc. If this msg not deleted during the session (or some other metric), Gmail WILL DELETE it anyway (=Google owns it).

2. UPDATED recovery docs generated after each user action of significance – such as password or secondary-address change. Each time the item will be auto-deleted (and never forwarded, say) after first reading/ session.

3. This *STORE-IT-SAFELY* Recovery Document would summarize in both human-readable AND machine- (bar)coded form all the known account-datapoints so far --initially only the date and the IP# from which the account was created and the security question (no visible answer!); later on also the accumulated dates of password changes and/or other independently verifiable "acct. history points." The larger the scope the better.

4. This doc would become the SOLE means of recovery – fax/register-snail-mail it in, have Google scan in barcoded parts, compare them algorithmically to current account status, decide whether they tally, reset and issue a new one-time-password to a _manually_added_ secondary address.

5. The important thing is not to rely on known human inability to note down such data manually, hide them elsewhere, and then remember where one has hidden these oh-so-important data when needed.

David Saunders [PersonRank 1]

16 years ago #

Is there a way to recover page views of you looking at your Gmail in your web browser?

Is that all stashed deep on your hard drive? Could data recovery people retrieve all that for you?

Ianf [PersonRank 10]

16 years ago #

David, unless your terminal is running some dedicated fork-and-save-session background app that explicitly violates the NO CACHE rule of Gmail, I'd say "no" to both.

In standard Unix* configuration you could at most recover the times of consecutive accessess (via the httpd logs).

The beauty of Gmail is that it's all done with background calls to the back-end, and integrating the returns seamlessly into the rich-text front end, where memory-held text snippets replace onscreen content as needed.

I shriver at the thought of umpteen of these fragments populating and, very soon, loitering around on a hard drive after session's end.

Slippy Lane [PersonRank 1]

16 years ago #

So, who wants to be first to set up the Bloggers' Emergency Posting Network?

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!