Secure a hacked or compromised account
If you notice unfamiliar activity on your Google Account, someone else might be using it without your permission. Use the info below to help spot suspicious activity, get back into your account, and make it more secure.
Sign in to the Google Account you want to secure.
If you can’t sign in
Use the account recovery page if:
- Someone changed your account info, like your password or recovery phone number.
- Someone deleted your account.
- You can’t sign in for another reason.
Tip: To make sure you’re trying to sign in to the right account, try recovering your username.
- Go to the Security Checkup.
- Tap Recent security events.
- Check for any suspicious activity:
- If you find activity that didn’t come from you, tap No, it wasn’t me. Then, follow the steps on the screen to help secure your account.
- If you did the activity, tap Yes. If you still believe someone else is using your account, find out if your account has been hacked.
- Go to the Security Checkup.
- Tap Your devices.
- Check for any devices you don’t recognize.
- If you find a device that you don’t recognize, tap Don’t recognize a device? Then, follow the steps on the screen to help secure your account.
- If you recognize all the devices, but still believe someone else is using your account, find out if your account has been hacked.
2-Step Verification helps keep hackers out of your account. With 2-Step Verification, you sign in with:
- Something you know (your password)
- Something you have (your phone, a security key, or a printed code)
That way, if your password is stolen, your account is still secure.
Make sure someone else didn’t give your bank or government instructions, like to open an account or transfer money. This is important if you:
- Have banking info saved in your account, like credit cards saved in Google Pay or Chrome.
- Have personal info like tax or passport info saved in your account. For example, you might have personal info saved in Google Photos, Google Drive, or Gmail.
- Think someone is using your identity or impersonating you.
If you think your account has suspicious activity, you might need to remove harmful software. To improve your account’s security, install and run trusted anti-virus software.
You can also reset your computer to its factory settings and reinstall the operating system.
Important: Make sure to back up the files you need. Learn how to upload files to Google Drive.
Some internet browsers have security weaknesses. Consider using a more secure browser, like Google Chrome.
If you enter your password on a non-Google site, Password Alert on Google Chrome notifies you. That way, you’ll know if a site is pretending to be Google to steal your password.
- Gmail: Review these security tips, and remove any labels, filters, or forwarding rules you didn’t set up.
- Chrome: Uninstall extensions you don’t recognize, and update Chrome to the latest version.
- Google Drive: Review your activity and file versions for anything unusual.
- Google Photos: If you see album sharing you don’t recognize, stop sharing the album.
- Location: Turn off Location Sharing that looks unusual.
Find out if your account has been hacked
If you notice any of these signs, someone else may be using your Google Account.
Important: If you think someone else is using your Google Account, change your password immediately for:
- Your Google Account (if you didn’t already change it after you noticed suspicious activity)
- Apps and sites where you use the same password you used for your Google Account
- Apps and sites that contact you through your Google Account email address
- Apps and sites where you sign in with your Google Account email address
- Apps and sites for which you’ve saved passwords in your Google Account
Suspicious account activity
Correct the setting immediately if you see unfamiliar changes to these settings:
- Your recovery phone number.
- Your recovery email address.
- An alternate or contact email address.
- The name on your Google Account.
- Your security question. Note: Adding a security question is no longer available.
- 2-Step Verification (for example, if this setting was turned on or off without your knowledge).
- 2-Step Verification methods (like a phone or security key that you don’t recognize).
- Apps with access to your account.
- Less secure app access (for example, if this setting was turned on without your knowledge).
- Location Sharing (for example, if your location is being shared with someone without your approval).
Your financial activity might be suspicious if:
- On Google Pay you don’t recognize purchases: Report unauthorized charges to request a refund.
- On Google Pay, you don’t recognize one or more bank accounts, credit cards, debit cards, or gift cards: Remove a payment method you don’t recognize.
- On Google Play, you don’t recognize purchases: Report unauthorized charges.
- On Google Chrome, payment info you don’t recognize is set up: Delete unfamiliar payment info.
- On Google Ads, you notice unauthorized charges or ads: Ask the Google Ads team to review your account for unusual activity.
- On Google AdSense, you notice that payments aren’t going to the correct bank account: Check your AdSense payment method.
Note: We'll use your recovery phone number and email address to tell you about suspicious activity.
We’ll inform you of unusual activity through:
- A notification about an unusual sign-in or a new device using your account.
- A notification that there was a change to your username, password, or other security settings, and you didn’t make the change.
- A notification about some other activity you don’t recognize.
- A red bar at the top of your screen that says, "We've detected suspicious activity in your account."
- Your "Device activity and security events" page.
Suspicious activity in Google products you use
Correct the setting immediately if you see unfamiliar changes to:
- Mail delegation (people with access to your Gmail)
- Automatic mail forwarding
- Your name in Gmail
- Automatic reply (vacation responder)
- Address on outgoing mail
- Blocked email addresses
- Remote access to your Gmail (IMAP/POP)
- Filters that manage your incoming mail
- Labels that organize your incoming mail
Your Gmail activity might be suspicious if:
- You stopped getting emails.
- Your friends say they got spam or unusual emails from you.
- Your username has been changed.
- Your emails were deleted from your inbox and aren’t found in Trash. You can report emails have gone missing and possibly recover them.
Your Blogger activity might be suspicious if:
- Posts you didn’t publish appear on your blog.
- You get comments on posts you didn’t publish.
- Your mail-to-Blogger address has changed, but you didn’t change it.
- Your blog has disappeared or been blocked.