Google Confirms Accounts Are Being Hacked — How To Recover Yours

How to recover your hacked Google account.
Getty Images
Google has confirmed that there has been a massive spike in the number of attacks against Google users, specifically being password-stealing threats delivered by email, which increased by 84% last year — a worrying trend, Google said, that has “only intensified in 2025.” If you need proof of the danger of these infostealer attacks, I could point you to any number of reports, but to be honest, you’ve probably already read them. Far better, then, to point you instead at the advice that Google has issued regarding how to recover your account if it gets hacked.
Help — My Google Account Has Been Hacked
Take a quick peek at the Google and Gmail online support forums, both official and those on Reddit, and you will soon realize that there is a constant stream of messages from people asking for help to access their hacked accounts.
The July 29 Google announcement by Google’s senior director of product management, Andy Wen, confirmed the extent to which this is an issue. “Attackers are intensifying their phishing and credential theft methods, which drive 37% of successful intrusions,” Wen warned. Wen also noted that Google has observed an “exponential rise in cookie and authentication token theft,” being employed by hackers in compromising accounts.
I have covered the steps to take in order to mitigate these attacks in various articles here at Forbes.com, and I suggest you go check them out. But what if the worst happens and you fall victim to a Google account hacker and find yourself locked out of accessing your precious account? The account that, among other things, opens the sensitive data vault that is your Gmail inbox. Don’t panic, Google has got you covered.
If your Google account has been hacked, or you find yourself locked out for whatever reason, there’s a helpful official online guide to recovering access in just a few simple steps.
- Point your web browser at g.co/recover and enter your Gmail address. Be sure too use a computer or phone that you’ve used to sign into your account before, and use your usual browser at a location you usually sign in from.
- Answer the questions Google asks to the best of your ability. If you can’t remember your password, use a previous one that you can or “take your best guess,” as Google suggests.
- You may be sent a security code to your recovery email or phone, authenticator app or a direct prompt on your device. Note, however, that “Google never asks for your password or verification codes over email, phone call, or message,” that will be a hacker.
- Reset your password when prompted.