English
Specials
    Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeTechnologyGmail hack alert: Google ‘warns’ 3 billion users, says they have 7-day window to recover their accounts

    Gmail hack alert: Google ‘warns’ 3 billion users, says they have 7-day window to recover their accounts

    New Gmail account attack: Hackers changing passwords, recovery details, and more—Google gives 7 days to recover.

    MC Tech Desk
    April 22, 2025 / 17:20 IST
    Gmail

    Gmail

    Google has issued an alert for its Gmail users following a spike in account takeover attacks. The tech has warned that if a Gmail account is compromised, users will have just seven days to recover it or risk losing it permanently. The warning affects all Gmail users—over 3 billion globally—underlining the scale of the threat.
    This announcement follows reports of an advanced phishing campaign that tricks users into thinking they’re interacting with official Google security messages.

    What’s the security threat for Gmail users?
    According to a report by Forbes, the current threat uses a combination of OAuth abuse and a workaround in DomainKeys Identified Mail (DKIM) to make phishing emails look like they are genuinely from Google. This bypasses many traditional spam and phishing protections.
    In simple terms, the attackers change passwords, recovery phone numbers, and even set up passkeys to lock out the original account owner. They then gain full access to emails, personal data, and linked services, making this not just a Gmail issue, but a wider digital identity threat.

    Why users should be worried
    The danger lies in the sophistication of the attack. Once the account is compromised, the attacker may use AI tools and infostealer malware to spread further across a user’s digital footprint. The phishing emails are so convincing that many victims unknowingly provide credentials, giving hackers full access.
    If you lose access and do not act quickly, Google may not be able to verify your identity beyond the 7-day window, especially if your recovery information has been changed by the attacker.

    What should users do?
    Google advises users to enable phishing-resistant authentication, like security keys or passkeys. Also, it’s essential to set up a recovery phone number and email. Even if attackers change these, the original ones can still be used for a limited period.

    To add or update your recovery info:
    Go to Settings → Google → Manage your Google Account → Security → Recovery options.

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    MC Tech Desk Read the latest and trending tech news—stay updated on AI, gadgets, cybersecurity, software updates, smartphones, blockchain, space tech, and the future of innovation.
    first published: Apr 22, 2025 05:17 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347