You Have 7 Days To Act Following Gmail Lockout Hack Attack, Google Says – Forbes

By Davey Winder, Senior Contributor.

Act within 7 days to save your Gmail account following a hack attack.

As the FBI takes the unusual step of warning users of webmail platforms, including Gmail, to enable two-factor authentication in the light of a dangerous new ransomware threat campaign, Google email users still have more mundane hacking threats on their minds. Take a quick dive into any of the online forums offering support to Gmail users, be that the official ones from Google or the very active Gmail subreddit, and one topic currently dominates the conversation: my account has been hacked and I’m locked out.

I can’t say I’m surprised that this is the case. Gmail is by far the most popular free email platform on the planet, not just with email users but also for assorted threat actors, scammers and hackers. If a Gmail account hacker has taken full control, including changing your telephone number, email address, password and second authentication factor method, then all may seem lost. Irrevocably lost. Hold on, though. Google has some good news for you, as it is possible to recover your account as long as you act within seven days. Here’s what you need to do.

The most important thing to do when it comes to recovering a hacked and compromised Gmail account, according to Google spokesperson Ross Richendrfer, is to act quickly. Obviously, acting quickly enough to prevent the attacker from locking you out in the first place would be best, so employing a phishing-resistant authentication methodology like a passkey would be ideal. But if you’re already locked out, it’s too late for that. Keep that in mind for the future, though.

Google recommends that all Gmail users have a recovery telephone number and recovery email address attached to their Google account. “These can be used in cases where users forget their own passwords,” Richendrfer said, or just as critically, “if an attacker changes the credentials after hijacking the account.” This is where the time limitation comes in, though. Gmail users have a seven-day grace period following any recovery phone number change during which they, as the original account holder, can regain control of the account, Richendrfer advised.

This number should, of course, ideally be for a smartphone that belongs only to the Gmail account holder, is used regularly by that person and kept on their person. “When you change your recovery email,” Richendrfer said, “you may be able to choose to get sign-in codes sent to your previous recovery email for one week.” Google has provided more help with Gmail account recovery online, including step-by-step recovery instructions.