Securing your Google Account after a possible hack

A couple friends have recently had security scares with their Gmail account where they were worried that their accounts might have been hacked. I was emailing one of them about how to make sure that your account is safe, and I realized it might be handy to post this on my blog as well.

Here’s the email that I just wrote to a friend:

Here’s what I’d do:
– change your password (make sure you’re on when you change your password)
– check for any strange activity. In Gmail, go to the bottom right and look for a message that looks like “Last account activity: 30 minutes ago. Open in 1 other location” and click on the “Details” link and look for any unusual logins, for example log ins from countries that you haven’t been in recently.
– Also check for weird forwarding rules. If hackers get into your Gmail, sometimes they’ll create a rule that forwards all your email to them. To check your filtering rules, in Gmail click on the gear icon in the top right, then select Settings from the drop down. Click on the link for “Filters” and just check whether there’s any rules that look suspicious to you.

In an ideal world, you’d turn on two-factor authentication like is described at . It’s more hassle to use two-factor authentication, but it makes your account much more secure against being hacked.

I’m a big fan of two-factor authentication, but I realize that casual users might not want to turn it on. My take is that it’s a lot better to set up two-factor authentication than worry about a hacked account.

24 Responses to Securing your Google Account after a possible hack (Leave a comment)

  1. IMO, everybody should make use of two-factor authentication to secure his/her account.

  2. I must admit i did not know about the 2step verification, i surely will use it. Thank you very much!

  3. Thanks Matt, I never knew about the second verification process either… Last year, I had a notification fro Google that my account had a possible hack, ever since then I have changed out password at least every 3 months…. Something else people can do to… =)

    Thanks again Matt and God Bless…

  4. Thanks a lot Matt for introducing this interesting and secure rule from the prospects of the Google account security. I like that and also used now. I think it will give benefit to all Google account user who fear for their account being hacked.

  5. The 2-step verification is a must. Google accounts hold the keys to many doors. You’re a fool if you aren’t using it.

  6. Hey Matt,

    This is an awesome post! I’ve had people come to me on many occasions with hacked email account issues. Most of the time I get the phone call from my aunt or cousin saying, “Russ! Please help! I’m sending emails without even knowing it!” Then I have to break the news to them that either someone hacked their account, or that they should deeper consider seeing a neurologist. Then I usually end up going through the 101 reasons why their password shouldn’t be their last name. Then walk them through the steps of re-securing their account. A process that could take hours and result to me going to their house and “fixing their computer”. Sharing this post will no doubt make my life so much easier lol

    Thanks Matt!

  7. Great advice on the forwarder thing. Not something I would have ever thought of checking.

  8. Thanks Matt for sharing stunning post. One of my friend’s Gmail account was also hacked and he was already sent an e-mail to Google regarding this.

    But he was not receive any kind of help from Google but now he recovered his Gmail account from recovery e-mail address. Now he is using two step verification for his Gmail account.

    My question is why most of the Gmail accounts hacked as compare to Yahoo and Microsoft accounts? Are we lacking somewhere?

  9. The two-step authentication seems like a big pain every time you log on. Until you get hacked and you have to spend hours/days restoring your account. Or rebuilding it with a new email address. I wish all email programs used it. My buddy spent two days fixing his account, then he had to inform all of his contacts of his new email address. Talk about a hassle.

  10. It is one of those things you realise its importance once it happens. Great to learn about the strange activity thing as well which I haven’t even noticed it existed.

  11. Thanks Matt. Very timely. Account security is a bit like backing up your files. You always think you should do it and then when you need it, are ever so thankful you did.

  12. Hey Matt, thank you for sharing this important information and I’ll be glad to share it on my own Google+ , FB and Twitter

  13. Hi Matt

    I didn’t even know 2-step verification existed, thanks for this, I have much fun using it now, specially that you can assign different devices too.

    The only worry is if you are ever at a location with no phone service then it could become a problem. But it is indeed very secure and will make hacking possibility really close to 0%.


    • There is an app for that! Google Authenticator which you set up one and you don’t need phone service, it runs on the iPhone/iPad/Android/and I think blackberry.

      You still need you’re phone or tablet, but you don’t need net access later.

  14. Hi
    This is really good to know, I didn’t know I could check the login history at the bottom of the gmail page.
    Thanks ๐Ÿ™‚

  15. Hi
    thanks for the post. Like many other replies, the two-factor authentication is a simple but very useful security step

  16. Hello Matt..Thank you very much and this is very useful indeed.

  17. Thanks Matt for the great email security tips.
    Anyone know of any good articles about 2-step verification?

  18. Hi Matt, great advice. I am going to try and setup the two-factor authentication to secure my gMail account. Why don’t the hackers get a life and leave us alone?

  19. This is really a good piece of advice Matt and I just want to add a little bit about your computer security. I believe that it is also important to put an Internet Security in your computer to prevent hacker in getting your username and password especially if you are using windows OS. ๐Ÿ™‚

  20. So how did they hack into the account? What are the most common ways that Gmail accounts are hacked?


  21. Hmmm…I just tried to post a comment on Matt Cutts blog. I can assure you I am not a spammer. Yet, I received a message after submitting my comment reading:

    “Sorry, but our system has recognised you as a spammer. If you believe this to be an error, please contact us so that we can rectify the situation.” Who do I contact to rectify this error?

    Please advise. Heck, you can call me if you like.

    Peter David Gustafson

  22. I have been using 2 factor for a while but problem that I heard with it was phone sim being cloned in such scenarios not just you G account but other financial accounts are in jeopardy.

  23. Hello Matt’s,
    Good advice, all i ill do is changing my G mail password thrice in a year and the password strength will be very strong like adding uppercase and lowercase letters etc et….