[HN Gopher] Ask HN: My Google account was hacked, Google says th...
       ___________________________________________________________________
        
       Ask HN: My Google account was hacked, Google says they can't help
        
       My Google account was hacked, I was messaged by someone on Facebook
       and they demanded I give them money or they would post my private
       photos. They started posting my pictures and even sent them to my
       family and friends, dad included! They then changed all my
        passwords, restore email, phone number etc. to their own email and
       number, so I can't do anything. They wiped my phone and my son's
       tablet completely, all my banking is gone, everything is gone. I'm
       now stuck in a foreign country away from my baby with no way to get
       money or access my email for my travel documents. I'm really scared
       and don't know what to do. Google says they can't do anything to
       help me! They can't kick him off or disable my account, I just have
       to be harassed and blackmailed, and goodness knows what else. I'm a
       single mum and I'm in a different country to my baby, please can
       someone help me? I just want to get back.  Does anyone know how I
       can recover and secure my Google account? I've tried everything
       that I can find/Google have told me to do.
        
       Author : lululouise
       Score  : 242 points
       Date   : 2022-03-14 20:02 UTC (2 hours ago)
        
       | molszanski wrote:
       | Thank you google
        
       | bragr wrote:
       | You shouldn't do it but your only decent chance (without knowing
       | someone at google) of getting your account back is probably to
       | pay the ransom though I suspect this person is probably more
       | interested in fucking with people than making money so I don't
       | think your chances are good.
        
       | fswd wrote:
       | This happened to a friend. His life was destroyed. The only
       | person he could talk to was the FBI. They told him they get
        | dozens of calls about this a week. On top of that, there's an
        | exploit that allows anyone with a dot in their email to receive
        | any other person's email; it's been active for 19 years. Google
        | doesn't care whatsoever. Google has the worst infrastructure
        | support. There probably needs to be regulation that if you're a
        | company making over 1B a year in revenue, you need to have a
        | basic escalation procedure and human decency... or you can't make
        | any tax deductions, and it claws back 10 years, and it applies to
        | all shareholders who own more than $1M in stock. Suddenly, they
       | might answer the phone!
        
         | Jerrrry wrote:
         | Not an exploit, it is intentional, and ironically, is a
         | countermeasure against phishing.
         | 
         | We all dread the day our Gmail password stops working, but this
         | is what we signed up for.
         | 
         | I know my gmail is safe, because I know that without the
         | password, not even _I_ can get into it.
         | 
         | This is by design.
        
           | tweenagedream wrote:
           | Indeed, it's a publicly documented feature: https://support.g
           | oogle.com/mail/answer/7436150?hl=en#:~:text....
        
           | hda111 wrote:
           | > is a countermeasure against phishing
           | 
           | How can it prevent phishing?
        
         | paxys wrote:
         | > there's a exploit that allows anyone with a dot in their
         | email to receieve any other person email it's been active for
         | 19 years
         | 
         | I'm not sure I follow? This isn't an exploit, but a feature of
         | Gmail. It doesn't allow you to receive anyone else's email.
        
           | logosmonkey wrote:
           | yeah, it just allows you to receive email from people who
           | don't know their email address. I have my full name @gmail
           | and constantly get folks who send stuff to first.last@gmail
        
             | fswd wrote:
             | Somehow there's a Google service (I am guessing mobile)
              | that allows you to register firstl.ast@gmail or
             | f.irstlast@gmail, and then they will both get each other's
             | email. Fundamentally if you allow any account to be created
             | with a dot and without a dot (two accounts), but filter out
             | the dot in the email received, it will cause a problem. The
             | dot is one to one with the account, but filtered out
             | becomes one to many with the email. Nobody seems to notice
             | this logical issue.
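The one-to-many problem fswd describes above, shown as an added example (not code from the thread or from Google): the dot-insensitive delivery rule is documented by Gmail, and the '+tag' rule is Gmail's well-known address extension; the registry classes and sample addresses are constructed for illustration. A registry that enforces uniqueness on the raw string lets two owners register addresses that Gmail delivers to the same mailbox, whereas a registry that canonicalises before checking uniqueness rejects the second registration, and `find_collisions` audits an existing address list for such pairs.

```python
from collections import defaultdict

# Domains whose local part Gmail normalises (dots ignored, '+tag' dropped).
# googlemail.com behaves the same but is left out to keep the example small.
GMAIL_DOMAINS = {"gmail.com"}


def canonical_gmail(address: str) -> str:
    """Return the form Gmail actually routes on: lower-cased, dots in the
    local part ignored, and any '+tag' suffix dropped. Other domains are
    only lower-cased, because their aliasing rules differ."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


class NaiveRegistry:
    """Keys accounts on the raw string: the defect described in the thread."""

    def __init__(self):
        self.accounts = {}  # registered address -> owner

    def register(self, address: str, owner: str) -> None:
        if address in self.accounts:
            raise ValueError(f"{address} is already taken")
        self.accounts[address] = owner

    def deliver(self, address: str) -> list:
        """Everyone whose registered address collapses to the same mailbox
        once the dots are dropped: more than one owner is the bug."""
        target = canonical_gmail(address)
        return sorted(o for a, o in self.accounts.items()
                      if canonical_gmail(a) == target)


class CanonicalRegistry(NaiveRegistry):
    """Hardened form: uniqueness is enforced on the canonical address."""

    def register(self, address: str, owner: str) -> None:
        key = canonical_gmail(address)
        if key in self.accounts:
            raise ValueError(f"{address} collides with an existing account")
        self.accounts[key] = owner

    def deliver(self, address: str) -> list:
        owner = self.accounts.get(canonical_gmail(address))
        return [owner] if owner else []


def find_collisions(addresses) -> dict:
    """Audit helper for an existing user table: group addresses that Gmail
    would treat as the same mailbox. Only groups of size > 1 are returned."""
    groups = defaultdict(list)
    for a in addresses:
        groups[canonical_gmail(a)].append(a)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed sample: two spellings of one Gmail mailbox.
    naive = NaiveRegistry()
    naive.register("firstl.ast@gmail.com", "alice")
    naive.register("f.irstlast@gmail.com", "mallory")   # accepted: the defect
    print("naive delivers to:", naive.deliver("firstlast@gmail.com"))

    hardened = CanonicalRegistry()
    hardened.register("firstl.ast@gmail.com", "alice")
    try:
        hardened.register("f.irstlast@gmail.com", "mallory")
    except ValueError as e:
        print("hardened rejected:", e)
```

The audit helper is the practical takeaway: any service that uses an email address as an account key should run its user table through a canonicaliser like this before relying on address uniqueness for password resets or recovery mail.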
        
       | tehlike wrote:
        | I was a Google employee at the time, and wanted to log in to an
        | email with my first and last name@gmail.com. At the time I set up
       | email forwarding so didn't have to login at all for years.
       | 
        | Anyway I couldn't remember the password, and their security
        | requirements at the time were different from today (no recovery
       | email, no verification etc). And as a good security practice they
       | also put cool down periods for trying passwords too fast...
       | 
        | Filed a support ticket, they told me nothing could be done
        | because of the security of the account. I told them to send recovery
       | info to the account in question (so that it would be forwarded to
       | me), but they didn't. They also verifiably know who I am, and
       | there was some amount of trust that it was my account.
       | 
        | I spent a few hours writing down passwords and copy pasting to
        | find out. Eventually did.
       | 
       | This shit is nonsense.
        
       | holoduke wrote:
        | One question. Whenever you try to change something in Gmail, they
        | will ask you to verify via phone? Isn't that mandatory today? I
       | don't believe you can simply change passwords without a phone.
       | But I might be wrong. Also can't you call your bank and request
       | new access? They need to verify you, but that should be possible.
       | Last question. How did they wipe your phone?
        
         | tehlike wrote:
         | If the account is set up long ago, that may not be a
         | requirement
        
         | bragr wrote:
          | It's possible but not super easy to not associate a phone with
          | it. You have to be very careful not to opt in because once you do
         | you can't opt out.
         | 
         | As for wiping the phone, that's a standard feature of both
         | "Find My iPhone" and the android equivalent "Find My Phone" so
         | presumably they used that to wipe them.
        
           | ohashi wrote:
           | Guessing that is the case on the wipe and probably standard
           | MO for these types of attacks.
        
       | vero2 wrote:
       | To help others could you please tell us more information... Did
        | you have 2FA? If yes was it SMS or with U2F-key? Which country
        | were you previously in? Did you change places?
        
       | jeffbee wrote:
       | If it were possible to just call up Google and get your account
       | back then that's how people would steal accounts.
       | 
       | It's not very useful advice after the fact, but multi-factor
       | authentication and recovery email accounts are highly advisable.
        
         | ghaff wrote:
          | Even given easy access to customer service reps, there is a
          | tradeoff between them being helpful and friendly and them being
          | susceptible to social engineering attacks.
        
         | Nextgrid wrote:
         | > If it were possible to just call up Google and get your
         | account back then that's how people would steal accounts.
         | 
         | Disagreed.
         | 
         | They could request knowledge that only the account owner would
         | possess such as dates/locations of past activity, subjects of
         | emails (received before the breach, so that the attacker can't
         | just send out new emails to the target account), require
         | multiple notarized proofs of ID or other past activity (get a
         | letter from your ISP that attests that you had that IP address
          | at that time, etc) and maybe a huge monetary deposit that is
         | required to start the process and is forfeited if bad faith is
         | suspected.
         | 
         | The idea is to make the process as long, annoying and
         | "dangerous" as possible to deter or make malicious activity
         | unprofitable while still giving the rightful owner a chance.
         | The legitimate owner wouldn't mind getting all these documents
         | and leaving a huge paper trail behind him as well as waiting a
         | month while the real owner of the account is spammed with
         | notifications (allowing them to easily cancel the process if it
         | turns out to be a takeover attempt), but an attacker trying to
         | break into an account would think twice.
        
           | WinterMount223 wrote:
           | Still that can be vulnerable. If you really wanted to give up
           | privacy, it could work like bank accounts work where a human
           | banker actually knows you. But this would cost.
        
       | throwaway17263 wrote:
        
       | ohashi wrote:
       | I suggested OP post here since we spent over an hour trying to
       | recover the account and I can't figure out any way to help
       | recover it either. Google appears to be a stone wall, the
       | hacker's account is obviously using a disposable email (looks
       | like a phishing email account with typos and word accoount in
       | it).
       | 
        | Google doesn't seem helpful in these situations, hoping someone
       | here can help her and has solved this issue before.
        
         | vmception wrote:
         | How was the hacker able to change OP's phone number attached to
         | the Google account?
         | 
          | Every time I commandeer a google account, it's with the prior
         | owner - usually in India - punching in the authentication
         | number on the phone. (I get the 2 digit number on my screen and
         | I tell them what it is, and they select the same number from a
         | multiple choice selection on their phone)
         | 
         | Maybe this measure could be circumvented if remote desktopping
         | into a computer nearby the prior owner's postal code, and
         | taking over the account from that computer, this is how some
         | online credit card fraud passes scrutiny, because the hacker
          | doesn't appear far from the location of other purchases.
        
           | vageli wrote:
           | > How was the hacker able to change OP's phone number
           | attached to the Google account?
           | 
           | > Every time I commandeer a google account, its with the
           | prior owner - usually in India - punching in the
           | authentication number on the phone. (I get the 2 digit number
           | on my screen and I tell them what it is, and they select the
           | same number from a multiple choice selection on their phone)
           | 
           | I think this is for Microsoft accounts not Google.
        
         | anothernewdude wrote:
         | Google are incredibly helpful in this situation, you just have
         | to look at it from the hacker's point of view.
        
         | klabb3 wrote:
         | [This is one of my worst nightmares]
         | 
         | Was the phishing email designed to impersonate Google and/or
         | passed Gmail's spam filter? If so, Google _should_ be very
         | interested, so make sure this is communicated to them.
         | 
         | Getting Google's attention is unfortunately one of the few ways
         | to increase your chances in the human intervention account
         | recovery pipeline, which I suspect is understaffed. If that
         | doesn't work, sharing an (appropriately redacted) screenshot of
         | the phishing email on social media could also be helpful.
         | (Absurd, I know)
         | 
         | If you're lucky, some Google employee on abuse/account recovery
         | might see this and escalate. Wish your friend best of luck!
        
           | ohashi wrote:
           | She doesn't have a copy, she deleted it.
           | 
           | I believe it was one of these:
           | 
           | https://thethaiger.com/news/national/officials-warn-about-
           | va...
           | 
           | Targeting people doing Thailand Pass, but can't confirm it's
           | the exact same details in terms of headers and such.
        
             | tluyben2 wrote:
             | If she downloaded and executed a file, I can see how
             | everything can go wrong fast; what are other ways to get
              | into your Google account unless by having you enter your
             | password in a phishing page?
        
               | ohashi wrote:
               | I suspect the attacker had (maybe still has) full access
               | to her laptop. They wiped her phones, so I am assuming
               | they are clean of malware and trying to get her to do
               | everything from the phone which should be clean and not
               | the laptop which we have to assume is compromised.
        
       | textadventure wrote:
       | Well, this is not a solution for your situation, but for anyone
       | reading this who doesn't want to be in your situation ENABLE TWO-
        | FACTOR AUTHENTICATION on every account where you have anything
        | remotely valuable.
       | 
       | I once got a Hotmail account hacked and Microsoft was very much
       | able to recover my account as long as I was able to provide them
       | with enough information (old passwords, personal information,
       | etc) to prove the account was mine, so I'd really try all Google
       | avenues possible because it's your best bet for recovering your
       | account.
       | 
       | If you can't access your money that's a banking issue, talk to
       | your bank.
        
         | madaxe_again wrote:
         | 2FA is helpful, but you can usually call most service providers
         | and get them to remove it. Often with totally inadequate
         | security checks, like "what's your phone number associated with
         | the account, ok, great, I've removed the 2FA". Can't comment on
         | Google, but I've had this with the British government, of all
         | people.
        
         | davesmylie wrote:
         | The other thing you should be doing is _not_ using the
         | gmail.com domain for your email - at least for account sign-ups
         | to important services.
         | 
         | Buy a cheap domain and use that with your gmail account. All
         | the convenience of gmail, but if the worst happens and you lose
         | your account, you can pick a new email provider, redirect your
         | email and you're back in business without losing access to all
         | those accounts tied to your xyz@gmail.com email address.
        
         | agentdrtran wrote:
         | Enabling two-factor can help, but if you are the victim of a
         | phishing attack as many are, one would expect one of the
         | largest tech companies on the planet to have a plan for that.
        
           | tluyben2 wrote:
           | This will only get worse. Most people have no clue what mfa
           | is and when I tell them they find it incredibly annoying
            | and/or forgot how it worked again when they log in from
           | somewhere else a month later. I had people deleting Google
           | authenticator or Authy from their phone because they forgot
           | what it was for and their phone was getting slow...
        
             | mitchdoogle wrote:
             | It's crazy that the onus is on individuals, who, as you
             | point out, are often ignorant about online security
             | practices. Put the onus for security on the businesses who
             | safeguard information, and they will have a big incentive
             | to force users to use more secure methods of logging in,
             | they will do more verification for account changes, etc.
             | End users won't have any excuse for not using MFA when they
             | can't do anything without it.
        
         | ryanianian wrote:
         | > ENABLE TWO-FACTOR AUTHENTICATION
         | 
         | More than this: use a password manager that has 2FA built-in
         | and use THAT as your google account MFA.
         | 
         | The "easy" MFA with gmail involves approving new login attempts
         | with an existing authed app present. But without an activated
         | phone or other authed devices present, there is no way to
         | authenticate to the GMail app to receive email.
         | 
         | Apple replaced the back of my iPhone after I dropped it. They
         | do this by putting a new phone onto your screen and then
         | tossing your old phone _along with its activation status_.
         | ESIM, so no way to activate it without the old phone (which is
         | now screen-less and inoperable). I could not even activate my
          | phone because TMobile required an OTP from my email which I
         | could not access. (Apple did not warn me about this at all
         | btw.)
         | 
         | I was essentially 100% locked out of my account and unable to
         | use voice, data, or access my google account until I could find
         | a TMobile store to get a new SIM card and then use live-chat on
         | the TMobile website to relay the one-time code from my laptop
         | which thankfully was still authed. To say I was panicking about
         | not being able to access anything was an understatement.
         | 
         | Lesson learned: use an MFA mechanism that doesn't require an
         | activated phone since you can't activate your phone without
         | having access to your phone. Now I have my MFA details in
         | 1Password which is restored as a part of iCloud backup.
        
           | [deleted]
        
         | hatware wrote:
         | Cell phones are also not good second-factors, preferably a
         | physical offline device like a yubikey.
        
         | ghaff wrote:
         | Especially for international travel, it's also a good idea to
         | print out key travel information and carry it with you (also
         | cash/spare credit cards etc.). Phones get lost/broken/etc.,
         | credit cards get flagged for fraud/left in restaurants, etc.
         | It's easy to just assume that how you do things day to day will
         | always be available--and then they may not be and you are in an
         | unfamiliar place.
         | 
         | Ask yourself what would happen if your phone crapped out and/or
         | if you lost your wallet. Very unfortunate for sure. But there
         | are mostly things you can do to not make it a crisis.
        
         | estaseuropano wrote:
         | Not true.
         | 
         | I lost access to gmail because of 2FA - Google Authenticator to
         | be precise.
         | 
         | One random sunny day my 2 year old bit in my phone, thereby
          | breaking it. A few days before I had reinstalled Linux and
         | apparently had not yet logged into gmail. So suddenly I have
         | only unrecognized devices and no authenticator. Despite living
         | in the same place, using the same wifi, etc, I simply cannot
          | get back in since then. It's been years with dozens of attempts
          | from any possible 'known' device, but there simply is no way. I
          | know the password, I know previous contacts, I have old emails,
          | I have the password, ... But even when I enter all the info
         | Google requests for account recovery I simply get a screen
         | saying they will get back to me - and never do.
         | 
         | My fault for not having a backup sheet of codes, but I was too
         | worried someone would find and abuse that sheet. Well, goodbye
         | 10 years of email.
        
           | jonny_eh wrote:
           | That's a huge inconvenience, but at least it wasn't stolen.
        
           | Fogest wrote:
           | I keep a backed up list of all my 2fa codes in a password/key
           | encrypted storage. I am trying to avoid the kind of situation
           | you described. I have A LOT of accounts with 2fa now, and
           | losing access to the 2fa app would be an incredibly
           | frustrating issue as I would lose access to many accounts.
           | 
           | At one point I actually had a couple backup codes for some
           | important accounts in my wallet, such as to my email. My
           | thinking was that if I ever lose my phone and need to login
           | to my Google account on someone else's device I would at
           | least have access to some backup codes to get me in ASAP.
        
       | lululouise wrote:
       | Hey guys thanks so much for your response. I do believe 2 step
       | was going but the hacker changed the details to his, wiped my
       | phone and with it, my Google authenticator and presumably set it
       | up on his phone! I'm completely locked from making any changes
       | yet I can still see my emails and stuff but I can't change
       | anything or verify myself. I did use the authenticator app plenty
       | of times so I'm certain I had it set up. Although I'm starting to
       | doubt myself now.... It's a nightmare!
        
         | mdoms wrote:
         | You're not making sense. You need to slow down, calm down and
         | write clearly and with more detail. Doubly so when
         | communicating with Google Support staff.
        
           | ohashi wrote:
           | She believes she had 2 factor because she used the app on her
           | phone and would enter in codes. But her phone was remotely
           | wiped (presumably by the attacker) and lost access to the
           | authenticator. She can't verify that way anymore because the
           | attacker took that tool away from her.
           | 
           | She is still logged into her account on the laptop, so she
           | can see things, but can't make any changes (they require a
           | password she no longer has since the attacker changed it). We
           | saw what the attacker changed the recovery info to their
           | email / phone as well. So recovery options aren't working.
           | She is trying to pass their email/phone along to some form of
           | law enforcement.
        
             | skeeter2020 wrote:
             | >> She is still logged into her account on the laptop, so
             | she can see things, but can't make any changes
             | 
             | This doesn't make sense; the attacker changed all of her
             | account information but didn't click "log out of all other
             | locations"?
        
               | vageli wrote:
               | Bad actors make mistakes, too.
        
         | Nextgrid wrote:
         | If you still have any devices that have your old data (cached,
         | etc) it might be worth keeping them powered on but disconnected
         | from the internet, so that they don't end up realizing they
         | should no longer have access and delete what could be the last
         | copy of your data that you can actually access.
         | 
         | Whatever you still have access to (again, from cache, existing
         | browser that's still logged in, etc), start making backups -
         | screenshots, etc.
        
       | lambic wrote:
       | If you're in a foreign country then you have to go to your
       | embassy, they are there to help in exactly situations like this.
       | Go in person if you can.
        
       | aurizon wrote:
       | This happened to me, I went through the google account recovery
       | process and it was recovered. I was a victim of an on the air SIM
       | jacking of my phone - which suddenly went dead. I had 2 factor
       | enabled, but once the SIM was jacked they reset the account and
       | used the phone to capture the code. My name is the same as an
       | Ambassador - which I am not, I suspect that once they did not
       | have a high profile Ambassadorial account they just ignored it as
       | nothing was deleted (unless google recovery restored it to a
        | prior state??) and after I went through the google account
       | recovery process, google restored my account. After which I
        | implemented a FIDO token system, which you can buy. It works like
       | this, but you better make sure you guard your token = lose it =
       | screwed. https://fidoalliance.org/how-fido-works/ I also suggest
       | you download your mail archive every month using the google
       | download process.
        
       | vorpalhex wrote:
        | 1. Hit up @askworkspace and @googleworkspace on twitter - loudly
        | and publicly
       | 
       | 2. Assume any passwords stored with your account have been
       | breached
       | 
       | 3. Start canceling all services and getting new ones issued
        
       | paxys wrote:
       | Sadly I don't think anyone here can really help you. If it was
       | possible to "recover" an account that you didn't have access to
       | then anyone could take over anyone else's account. In fact
       | support agents are trained not to respond to "I'm stuck in
       | another country without money please help me out" requests since
       | they are one of the top entry points for scammers.
       | 
       | As others have said, go to your country's embassy. Helping stuck
       | tourists like you is their top responsibility.
       | 
       | Once you are home file a police report and start the process
       | outlined at https://www.identitytheft.gov/. Consider that Google
       | account gone.
        
         | zo1 wrote:
         | Sure there is. There has to be a Googler here with the
         | necessary access and can just mediate with their support
         | department, run a few "select * from mails" queries on their DB
         | and use good judgement when asking the user to give info about
         | the emails they know they have or have received. Heck, there
         | should be some sort of PM/PO/Manager from Google here that
         | should use this as a catalyst to have some sort of feature be
         | built to solve this problem in some sort of risk-based
         | approach.
        
       | lululouise wrote:
       | I spoke to Google on the phone and via chat, they said there is
       | nothing they can do, except walk me through the restore process,
       | which is impossible, as the hacker has the restore email and
       | number. Google says only the account holder can make changes, yet
       | I can't and someone else can. They have hung me out to dry!!!
        
         | cowvin wrote:
          | Honestly, the first problem you need to solve is getting back
         | home. Google has no way to distinguish between an overseas
         | hacker trying to get into your account vs your current
         | situation. You currently have no way to prove your ownership.
         | 
         | So what I would suggest is to focus on getting home. If you
         | have to borrow money from family or friends or whatever, that's
         | what you do.
        
       | throwawayboise wrote:
       | Your post sounds like a textbook scam sob story in itself. I am
       | sorry if it's actually true.
        
         | bachmeier wrote:
         | Maybe, but in that case wouldn't it be a better use of your
         | time to click on the back button and move on to the next story?
         | Nobody's asking you to unlock the account.
        
         | ohashi wrote:
         | I can verify that it's true and it is a sad story. I've spent
         | hours today trying to help her, I am hoping someone in this
         | community can actually help because traditional processes are
         | clearly failing her.
        
       | crooked-v wrote:
       | Definitely talk to the nearest embassy for your home country
       | ASAP. They won't be able to help with your Google account, but
       | can definitely help with travel docs and may be able to make
       | travel arrangements for you.
        
       | throwaway290 wrote:
       | Get in touch with your banks and your embassy. Google account
       | might as well be gone, but try to prevent any further escalation.
        
       | godelski wrote:
       | As time has gone by I've seen Google be less responsive to spam
       | and phishing attempts. I've been getting substantially more
       | attacks since 2016 and they go into overdrive around election
       | time. I'm not sure what is going on because they are fairly
       | obvious attempts. Examples include: a pdf on Google Drive shared
       | with hundreds of people and text that is in Russian (I've
       | translated a few and they want me to contact the embassy); very
       | obvious spam emails like "Hey, do you still live in Illinois?" (I
       | never have, but have had several password change attempts from
       | this location (same IP even) and Google says "enable 2-factor",
       | which I already have); emails that go to myname@gmail.com instead
       | of my.name@gmail.com; phone calls (I have Fi) from obviously
       | voided numbers (numbers almost identical to my own); and many
        | more. Last election cycle I almost abandoned gmail altogether.
       | 
       | I know there's Googlers here. So why isn't Google taking this
       | seriously anymore? The attempts are so bad a naive bayesian
       | classifier could catch these! Worst of all, Google provides no
       | help. Google should be preventing OP's problem in the first place
       | (they seem to not be caring) and doing something to fix it when
       | it does happen. As a user it just feels that Google is just
       | becoming complacent in this activity.
        
       | seaman1921 wrote:
       | > Google says they can't do anything to help me! They can't kick
       | him off or disable my account, I just have to be harassed and
       | blackmailed, and goodness knows what else.
       | 
        | Not kidding - How do we know you are not the hacker?
       | 
       | In future please use 2F authentication otherwise there is really
       | no way for anyone to tell who is the right owner.
        
         | [deleted]
        
         | grog454 wrote:
         | > Not kidding - How do we know you are not the hacker ?
         | 
         | We don't. But we can assume that they aren't for the purpose of
         | discussion. It seems more likely that a victim would post the
         | OP's post than a perpetrator.
         | 
         | Google also doesn't, but they can say with increased confidence
         | what the probability of the OP being a victim is.
         | 
          | But there's an even harder problem: say person A sells their
         | Google account to person B, and does this with completely
         | offline communications (offline wrt Google). To Google, this
         | situation may look no different than a stolen account, at least
         | for some period of time. But person A is a scammer, claims
         | their account was stolen, and attempts to initiate a recovery
         | process with Google.
         | 
         | This situation is the reason I virtually never perform account
         | recoveries for players of my games. I also require users to use
         | a third party login (like Google or Facebook) for their
         | account, because I want as little to do with account management
         | as possible.
        
         | ohashi wrote:
         | We've been going through Facebook recovery, it requires
         | pictures of ID. Same way you do any KYC. They still have access
         | to the phone that was connected originally as well but the
         | attacker put in a Swedish or Belgian number (it says 046 but
         | Google shows a Belgian flag).
        
           | cinntaile wrote:
           | +46 is Sweden and +32 is Belgium, 046 is neither though?
        
             | ohashi wrote:
             | Yeah I am not sure, I assumed the leading zero didn't matter.
             | It had the flag of Belgium on Google's screen but started with
             | 046 which, as you said, is Sweden if it's +46. Maybe it's a
             | Belgian number that starts with 046 and it hides the country
             | code.
        
               | laurensr wrote:
               | 04[5-9][0-9](+6 digits) are Belgian mobile numbers in
               | national notation. In international notation the leading
               | 0 is omitted and +32 put in front.
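The national-versus-international notation rule in the comment above is exactly what tripped up the earlier readers (046... looked like +46 Sweden, but with Belgium as the context it is a +32 mobile number). The following is an added example, not code from the thread or from Google: it normalizes a number written with a trunk 0, a 00 prefix or a + prefix into E.164, works out the region by calling-code prefix, and flags Belgian mobiles using the 04[5-9][0-9]+6-digit rule. The calling-code table is a constructed two-entry subset (Belgium and Sweden only); a real system would use a full table such as libphonenumber's.

```python
"""
Added example (not from the thread): normalize a phone number written in
national notation (leading trunk 0) or international notation (+CC / 00CC)
to E.164, then identify the region and whether it is a Belgian mobile number
per the rule quoted above: 04[5-9][0-9] followed by 6 digits nationally,
with the 0 dropped and +32 prepended internationally.

Assumption: only Belgium (+32) and Sweden (+46) are in the lookup table,
which is a constructed subset for this example.
"""
import re

CALLING_CODES = {"BE": "32", "SE": "46"}          # constructed subset
CODE_TO_REGION = {v: k for k, v in CALLING_CODES.items()}

# Belgian mobile, national significant number (trunk 0 already removed):
# 4[5-9] + one digit + six digits = 9 digits.
BE_MOBILE_NSN = re.compile(r"^4[5-9]\d{7}$")


def to_e164(raw, default_region):
    """Return the number as +<cc><nsn>, or raise ValueError.

    default_region resolves a national-notation number (leading 0); it is
    ignored when the number already carries a country code.
    """
    digits = re.sub(r"[\s().-]", "", raw)
    if digits.startswith("+"):
        body = digits[1:]
    elif digits.startswith("00"):          # international dialling prefix
        body = digits[2:]
    elif digits.startswith("0"):           # national trunk prefix
        cc = CALLING_CODES.get(default_region)
        if cc is None:
            raise ValueError(f"unknown region {default_region!r}")
        body = cc + digits[1:]
    else:
        raise ValueError("cannot tell national from international notation")
    if not body.isdigit():                 # also rejects an empty body
        raise ValueError("non-digit characters in number")
    return "+" + body


def split_e164(e164):
    """Return (region, national significant number); region is None if unknown."""
    body = e164[1:]
    # Longest-prefix match against the known calling codes.
    for cc in sorted(CODE_TO_REGION, key=len, reverse=True):
        if body.startswith(cc):
            return CODE_TO_REGION[cc], body[len(cc):]
    return None, body


def classify(raw, default_region):
    """Normalize and describe a number; the dict is what a reviewer would log."""
    e164 = to_e164(raw, default_region)
    region, nsn = split_e164(e164)
    return {
        "e164": e164,
        "region": region,
        "belgian_mobile": region == "BE" and bool(BE_MOBILE_NSN.match(nsn)),
    }


if __name__ == "__main__":
    # Constructed sample: the same digits resolve differently by context.
    for number, ctx in [("0461 23 45 67", "BE"), ("0461 23 45 67", "SE"),
                        ("+32 461 23 45 67", "SE")]:
        print(number, ctx, classify(number, ctx))
```

The point the sample makes is the one the thread stumbled over: a string beginning with 046 is only meaningful once you know which region's national notation it is written in, so a recovery-phone display that drops the country code is genuinely ambiguous.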
        
         | tinus_hn wrote:
         | They could just verify he knows the old password and controls
         | the old phone number, and probably also has devices logged into
         | or connected to the account.
        
         | klabb3 wrote:
         | > Not kidding - How do we know you are not the hacker ?
         | 
         | I think usually it's obvious for someone who can see the
         | account's recent activity. You can also design challenge-
         | response type questions for the person claiming the account,
         | that only they could know, within some reasonable confidence
         | interval.
        
           | omoikane wrote:
           | I think they meant "how does a random reader on an internet
           | forum confirm that the OP is who they claim they are"?
        
           | tluyben2 wrote:
           | And most people can tell what to search for to find specific
           | emails; if that doesn't prove it....
        
       | sva_ wrote:
       | > They then changed all my passwords, restore email, phone number
       | etc. to their own email and number,
       | 
       | Are you sure they changed your restore number? I just checked on
       | my account and it doesn't seem to be possible. Even if it is
       | possible to add another number, Google should still know your old
       | number?
        
         | ohashi wrote:
         | Old number is still listed in the account but the attacker put
         | their number as the recovery email and phone (I guess there is
         | a priority/default)
        
       | wyldfire wrote:
       | I wonder - if HN became a really effective escalation mechanism
       | for Google support issues, then would it make an attractive
       | attack vector?
        
         | Jerrrry wrote:
         | It has been done before, via Twitter and slashdot, to get into
         | Microsoft accounts.
        
         | scarmig wrote:
         | Easy fix, only accounts with >10k karma get the platinum tier
         | support plan.
        
           | mathrawka wrote:
           | Sounds like I'll have to stop lurking to get ready for this.
        
             | SturgeonsLaw wrote:
             | Don't worry, you can jump to the platinum tier for a
             | monthly subscription of only $49.99
        
               | Fogest wrote:
               | You joke, but you pay for the increased Google storage on
               | your account you likely do get access to support you can
               | reach.
        
               | [deleted]
        
       | tempnow987 wrote:
       | I've had requests like this from family members supposedly "stuck
       | overseas" etc. These types of requests are often scams.
       | 
       | My boss recently emailed me (from a weird email) saying the
       | landlord's payment hadn't gone through and we needed to wire them
       | the money pronto and they were stuck traveling and couldn't do
       | it. This was a scam.
       | 
       | In my neighborhood folks rent out houses for great deals, the
       | landlord is temporarily traveling and can't meet. A fair number
       | of these turn out to be scams.
       | 
       | I just mention this because if some low level support agent
       | providing support to FREE accounts was able to reset an account
       | based on this narrative - and no phone access - that would be
       | HUGE security HOLE.
       | 
       | If google starts allowing recovery of passwords by folks overseas
       | who are "stuck overseas" with no documents - game over. We are
       | focusing on the folks getting locked out, but google is doing a
       | fair bit to keep folks from getting taken over.
       | 
       | I have a 2FA key (hardware) they ask me for once a month. I'm not
       | sure how someone takes over my account unless they get access to
       | my computer with remote access and then maybe re-uses a session
       | somehow? Even then I have to re-auth when doing security steps...
       | so it's a bit weird to have an account takeover like this.
       | 
       | My request. For a fee of $1,000, an in person visit,
       | fingerprints, and research effort, communication with existing
       | account holder for any disputes (i.e., someone sold them the
       | account) google would allow for an account recovery. This last
       | step is what is missing. Charge $2,500 even. In some cases that
       | would be worth it and allow them to do a pretty good job on
       | recovery. Even wipe the account / lock all old messages so they
       | are unreadable on recovery.
        
       | [deleted]
        
       | [deleted]
        
       | rdtwo wrote:
       | Keep trying to log in and reset the password; that will eventually
       | lock the account. That's my suggestion
        
       | dataflow wrote:
       | The only thing I can think of is to file a court case in the US.
       | Not sure how to go about it, or on what basis you can do it,
       | but that's what I would do if I had no other options. The
       | sooner you do this the more likely they'll have backups they can
       | restore. Of course you'll need to find a way to get to the US
       | first (or find e.g. a lawyer to do this on your behalf), so best
       | of luck.
        
       | Mandatum wrote:
       | Small claims or tribunal. In Australia we have state-based courts
       | which you pay a small fee to; they'll make a ruling and at least
       | Google will give the case the attention it deserves.
       | 
       | It's annoying, but it'll work.
        
       ___________________________________________________________________
       (page generated 2022-03-14 23:01 UTC)