A hacked Google account is one of the most damaging things that can happen to a small business owner. It is not just an email problem. If you use that same Google login for Google Ads, Google Business Profile, Search Console, YouTube or Google Drive, then a single compromised password gives an attacker the keys to your entire online presence.

We recently helped a client whose Google Ads account was hijacked. The attackers ran their own ads off the back of his account, which then triggered a suspension. We got the account recovered, removed the dodgy manager accounts attached to it, and within a short time the same manager accounts had reattached themselves. He was also receiving security notifications about activity on other parts of his Google account.
If that sounds familiar, this guide walks you through exactly what to do.
Why a Hacked Google Account Is So Dangerous
Most people underestimate how much sits behind their Google login. A single account often controls:
- Gmail and contacts
- Google Ads and billing details
- Google Business Profile listings
- Search Console and analytics access
- YouTube channels
- Google Drive files and shared documents
When attackers get in, they often do not lock you out straight away. They sit quietly, attach manager accounts, grant themselves permissions and only then start spending your ad budget or sending phishing emails from your address. By the time you notice, the damage is already done.
Step 1: Change Your Google Password Immediately
The very first thing to do with a compromised Google account is reset the password. Do not just tweak it. Use a completely new, long password that you have never used before, ideally generated by a password manager.
Head to your Google Account security page and choose Password. Make it at least 16 characters with a mix of letters, numbers and symbols. If you have been reusing the old password anywhere else, change it there too.
Step 2: Sign Out of Your Google Account on All Devices
Changing the password alone is not enough. Any device or browser session that was already signed in can stay signed in unless you force them out. This is a step most people miss.
To sign out of Google on every device:
- Go to your Google Account at myaccount.google.com
- Click Security in the left-hand menu
- Scroll to Your devices and click Manage all devices
- Click each unfamiliar device and choose Sign out
If you also use Gmail in a browser, scroll right to the bottom of your inbox and click the Details link in the corner. From there you can sign out of all other web sessions in one click. Do both. It only takes a minute and it kicks the attacker off any active session they had open.
Step 3: Set Up 2FA on Your Google Account
Two-factor authentication is the single most effective thing you can do to stop a hacked Google account happening again. Even if someone gets hold of your password in a future leak, they cannot log in without the second factor.
To set up 2FA, which Google calls “2-Step Verification”:
- Go to myaccount.google.com/security
- Click 2-Step Verification and follow the prompts
- Choose an authenticator app such as Google Authenticator or Authy rather than SMS where possible
- Save your backup codes somewhere safe and offline
For business accounts where the stakes are higher, consider adding a physical security key as well. It is the gold standard for account protection.
Step 4: Review and Remove Suspicious App Access
Hackers often grant third-party apps access to your account so they can keep getting in even after a password change. On the Security page, look at Your connections to third-party apps and services. Revoke anything you do not recognise or no longer use.
Check the same for Less secure app access and any app passwords that have been created. If you did not create them, remove them.
Step 5: Clean Up Google Ads Manager Accounts
This is the bit that caught our client out. With Google Ads, attackers often link their own manager account (MCC) to yours so they can run ads on your dime. Removing them once is not enough if the underlying account is still compromised.
In Google Ads, go to Admin then Access and security, and review every user and every linked manager account. Remove anything unfamiliar. Then check the Change history to see what was altered and when. If manager accounts keep reattaching after removal, it usually means the attacker still has a foothold somewhere, often through a logged-in session or an authorised app you missed in Step 4.
If your account has been suspended because of fraudulent ads, you will need to appeal directly to Google. This is where having an experienced agency on your side genuinely helps. We have walked clients through this process and got suspended accounts reinstated.
Step 6: Check for Other Suspicious Google Account Activity
Once the immediate threat is dealt with, check what else has been touched. On your Google Account security page, look at Recent security activity. You will see logins, password changes, recovery email changes and devices added.
Also review:
- Gmail filters and forwarding rules (attackers love adding rules that auto-forward your emails)
- Recovery email and recovery phone number
- Google Business Profile managers
- Search Console users and permissions
- Shared Google Drive files and folders
If anything looks wrong, change it back. Update your recovery details to ones only you can access.
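If you have a lot of Gmail filters, checking each one by eye is slow. The script below is an added example, not something from the original guide: it reads a filter export (Gmail Settings, Filters and Blocked Addresses, Export) and lists every filter that forwards mail to a domain you have not marked as trusted. It assumes the export is the usual Atom XML with `apps:property` entries such as `forwardTo`; the sample data and the name `audit_filters` are made up for illustration.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"
CRITERIA = ("from", "to", "subject", "hasTheWord")  # what the filter matches on

def audit_filters(xml_text, trusted_domains):
    """Return (filter_number, criteria, forward_target) for every filter
    that forwards mail to a domain outside trusted_domains."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    entries = ET.fromstring(xml_text).iter(ATOM + "entry")
    for number, entry in enumerate(entries, start=1):
        # Each filter is one <entry>; its settings are name/value properties.
        props = {p.get("name"): p.get("value", "")
                 for p in entry.iter(APPS + "property")}
        target = props.get("forwardTo", "").strip().lower()
        if not target:
            continue  # this filter does not forward anything
        if target.rpartition("@")[2] in trusted:
            continue  # forwards to a domain you control
        criteria = {k: props[k] for k in CRITERIA if k in props}
        findings.append((number, criteria, target))
    return findings

# Constructed sample export (not real data): one labelling filter, one
# forward to the owner's own domain, one forward to an unknown domain.
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='news@example.org'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='subject' value='receipt'/>
    <apps:property name='forwardTo' value='Accounts@Example.co.uk'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='invoice OR payment'/>
    <apps:property name='forwardTo' value='collector@attacker.example'/>
  </entry>
</feed>"""

if __name__ == "__main__":
    for number, criteria, target in audit_filters(SAMPLE, {"example.co.uk"}):
        print(f"Filter {number} forwards {criteria} to {target}")
```

The export only contains filters. The account-wide forwarding address under Forwarding and POP/IMAP is a separate setting and still needs checking by hand.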
Step 7: Strengthen Everything Else
A compromised Google account is rarely an isolated event. If your Google login was hacked, assume the password has leaked elsewhere too. Run your email through Have I Been Pwned to see which breaches you have appeared in, and change passwords across any other accounts that used the same one.
Going forward, use a password manager so every account has a unique password, turn on 2FA everywhere it is offered, and keep an eye on your inbox for the genuine Google security alerts. If anything ever looks off, act on it the same day.
Need Help Recovering a Hacked Google Account?
If you have spotted suspicious activity, lost access to your Google Ads or had your account suspended, get in touch with us before it gets worse. We have helped clients recover their accounts, remove attacker manager accounts and lock everything down properly so it does not happen again.
Book a free 20-minute chat with the dijitul team and we will talk you through your options.
Hacked Google Account FAQs
How do I know if my Google account has been hacked?
Common signs of a hacked Google account include security alerts about sign-ins from unknown devices or locations, unexpected password reset emails, Gmail filters or forwarding rules you did not create, new manager accounts appearing in Google Ads, or your account being suspended for activity you did not authorise. Check Recent security activity on your Google Account page if you are unsure.
Why do removed Google Ads manager accounts keep coming back?
If you remove a suspicious manager account from Google Ads and it reappears, the attacker still has access somewhere. This is usually through an active signed-in session you did not log out, a third-party app you have authorised, or a recovery email or phone number they control. Reset your password, sign out of all devices, revoke unknown app access and review your recovery details to fully cut them off.
Is 2FA enough to keep my Google account safe?
Two-factor authentication is one of the most effective protections you can add to a Google account, but it works best alongside a strong unique password, regular checks of your security activity and limited third-party app access. For business accounts that control Google Ads or Google Business Profile, a physical security key adds another solid layer of protection.
Can dijitul help recover a suspended Google Ads account?
Yes. We have helped clients whose Google Ads accounts were suspended after being hijacked. We work through the recovery and appeal process with Google, clean out unauthorised manager accounts, and secure the underlying Google account so the same attackers cannot get back in. Book a free 20-minute chat to get started.