Someone got into your Google Account or Gmail — and you can often get it back. Your Google Account is the master key to a lot of your life: Gmail, YouTube, Google Photos, Drive, and the "sign in with Google" button on other sites. That's why a takeover feels so frightening — and why it's worth working through calmly. This guide shows you exactly what to do and what to tap, one step at a time. You don't need to be good with tech. Every tool here is free.
The single most important idea. Google account recovery is not a simple "email yourself a reset link" flow — it's an identity challenge. Google decides it's really you from a mix of signals: the device, browser, and place you normally sign in from, and answers only you would know. The practical effect is the good news in this whole guide: even if the intruder changed your recovery email and phone, that is not an automatic dead end. A familiar device or a session that's still signed in can still win the account back.
How to use this guide. Start at the top — the first hour matters most (Part 1). Part 2 walks the recovery flow itself. Once you're back in, Parts 3–7 help you lock the door, undo the damage, save proof, report it, and stop it from happening again. A note on screen names: the buttons below match Google's own instructions as of 2026; Google renames things often, so if a word on your screen looks a little different, pick the closest match. The "report it" steps in Part 6 are written for the United States — we say where to go elsewhere.
Part 1 — The first hour
Do these now — they matter most.
Step 1 — Is this a real break-in, or just a scare?
Some messages try to scare you so you'll hand over your account. Tell the two apart before you do anything.
- Signs of a real break-in: you can't sign in even with the right password; your password, recovery email, or recovery phone changed and it wasn't you; there are sent emails, deleted emails, or new filters you didn't create; you got a genuine Google notice that a new device signed in or your settings changed; or in your Google Account under Security you see a device or location you don't recognize.
- Signs it's just a scare (a trick): someone is pushing you to act fast — an email, text, or call telling you to "verify your account," click a link, or read back a code — while your account still works normally. Google's own rule: it will not call or email you out of the blue asking for your password or the codes it texts you.
One warning to save you grief: Google does not have a phone line that recovers a hacked personal account, and it will never ask you to pay for recovery. Any "Google support" number you find that promises to get your account back is almost certainly a scammer. Don't call it. The real, free recovery flow is at g.co/recover.
Step 2 — If you can still get in anywhere, move fast.
If any device is still signed in to your account — your phone's Gmail app, a tablet, a work computer — use it before the intruder notices. Changing your password from a signed-in session is the fastest way to kick them out, because it signs most other devices out.
- On a signed-in device, open your Google Account → Security → Password and set a brand-new password you've never used anywhere else.
- Then open Security → Your devices → Manage all devices and sign out anything you don't recognize.
- Can't change the password because the intruder already changed it? Go to Part 2 and recover the account first.
Part 2 — Get back in: the recovery flow
Start at g.co/recover, from a device and place you usually use.
Step 3 — Go to Google's account-recovery page.
In a browser, go to g.co/recover (it opens accounts.google.com's recovery flow). Enter your Gmail address or the phone number on the account, then follow the prompts. Google will try to confirm it's you with a series of questions — this is the identity challenge, not a single reset link.
Step 4 — Recover from a device and place Google already trusts.
This is the biggest single factor in whether recovery succeeds. Google's own guidance is to do the recovery:
- on a computer, phone, or tablet you've signed in on before;
- using the same browser (Chrome or Safari) you usually use;
- from a familiar place and Wi-Fi — for example your home network — not a brand-new device on a strange connection.
The reason: a familiar device and location is itself strong evidence you're the real owner, so Google is far more likely to let you back in quickly.
Step 5 — Answer every question you can — there are no wrong answers.
Google may ask for the last password you remember, when you created the account, recovery contacts, or a code sent to a device you still have. Work through all of it:
- Give your best guess even when you're unsure. Google's guidance is that a wrong guess won't lock you out — answering more questions only helps.
- Use the most recent password you can recall, even an old one — it still counts as evidence you're the owner.
- If you're offered a code to a recovery phone or email you still control, use it. If those were changed by the intruder, skip that option and keep answering the other questions — see Step 6.
Step 6 — The "they changed my recovery email and phone" case.
Read this if the intruder swapped your recovery contacts. It feels like the door is bolted — but with Google it usually isn't. Because recovery is a familiarity challenge, a changed recovery email or phone is a setback, not a hard wall. Keep going:
- Run the recovery from a familiar device/location (Step 4) — that often outweighs the missing recovery contact.
- Answer every identity question (Step 5). The more you can confirm, the more Google trusts the request.
- If a still-signed-in session exists anywhere, recover from there (Step 2) and change the password — that signs the intruder out.
Step 7 — If Google says it needs time.
Sometimes Google can't confirm it's you on the spot — especially from a new device, or right after the password or recovery info changed. When that happens:
- Google may put your request under review and respond after a short period (often a few days). This delay is a security feature, not a rejection.
- After certain changes (like a new password or recovery number), Google can apply a brief waiting period before it lets more changes happen — this slows an attacker down too.
- Don't give up after one try. Come back and run recovery again from a familiar device; repeated, consistent attempts from recognizable context help rather than hurt.
- If recovery ultimately can't verify you, Google's only fallback is to create a new account — but try the steps above thoroughly first, and see the note from SleuthX below if you're still stuck.
Sources: Google Account Help — "Recover your Google Account or Gmail"; "Tips to complete account recovery steps"; "Why your account recovery request is delayed"; "Secure a hacked or compromised Google Account."
Part 3 — You're back in: lock the door
Do these in order so the intruder can't simply walk back in.
- Set a brand-new strong password you've never used anywhere else (Google Account → Security → Password). Changing it signs other devices out.
- Sign out unknown sessions: Security → Your devices → Manage all devices, and sign out anything you don't recognize.
- Fix your recovery info: in Security, make sure the recovery email and recovery phone are yours. Remove anything the intruder added.
- Turn on 2-Step Verification (Security → 2-Step Verification) so a password alone isn't enough. Prefer an authenticator app or a hardware security key over text-message codes, and save your backup codes somewhere safe.
- Add a passkey if you can — it lets you sign in with your face, fingerprint, or device PIN and is much harder to phish than a password.
- Run Security Checkup at g.co/securitycheckup. It walks you through recent sign-ins, your devices, third-party access, and 2-Step settings in one place.
- Review third-party access: Security → Your connections to third-party apps & services. Remove any app you don't recognize — an attacker may have left themselves a back door.
Part 4 — Undo what they did (Gmail especially)
A clever intruder doesn't just read your mail — they set up ways to keep reading it after you're back. Check each of these in Gmail.
- Forwarding: Gmail → Settings → See all settings → Forwarding and POP/IMAP. Remove any forwarding address you didn't add — that's a common way attackers keep copies of your email.
- Filters: Settings → Filters and Blocked Addresses. Delete any rule you didn't create — attackers often add filters that auto-delete or auto-forward password-reset emails so you never see them.
- Send-as / reply-to addresses: Settings → Accounts and Import. Remove any "send mail as" address that isn't yours.
- Recent activity: at the very bottom of Gmail, click Details under "Last account activity" to see recent sign-in locations and sign out other sessions.
- Reset other accounts: because email is the reset point for almost everything, change the passwords on any account that used this Gmail address — bank, shopping, social — especially ones the intruder may have reset while they had access.
Part 5 — Save the proof (and the honest truth about deleted mail)
If you may need proof later — for police, a lawyer, a bank, or an insurer — collect it before you clean everything up.
- Take screenshots of anything that shows the break-in: the security alerts Google sent, unfamiliar devices under Security, rogue filters or forwarding rules, and any sent or deleted messages — make sure the date and time show.
- Download a copy of your data with Google's free Takeout tool at takeout.google.com. Your Security & Account activity records can show when and from where the account was accessed.
The honest truth about deleted email. If the intruder deleted messages, what you can recover yourself is limited:
- Still in Trash → you can restore it. Gmail keeps deleted mail in Trash for 30 days, then removes it for good.
- Emptied from Trash → generally gone, with no self-serve undelete. Gmail has a "missing emails" troubleshooter, but it won't resurrect mail that was permanently deleted.
- Needed for a legal case → the only route is legal process — a preservation request plus a subpoena or court order, sent through police or a lawyer. That's also where a forensic examiner helps.
Part 6 — Report it
Reporting won't unlock your account — but it builds an official record and helps stop the criminal.
- FTC — report fraud: reportfraud.ftc.gov. The FTC shares reports with thousands of law enforcers and uses them to build cases.
- FTC — identity theft: if someone is using your identity (not just the account), go to IdentityTheft.gov or call 1-877-438-4338 for an official Identity Theft Report and a recovery plan.
- FBI — IC3: for internet crime, file at ic3.gov. Have ready any money details, dates, and anything you know about the criminal.
- Local police: file a report if you know who did it or a company asks for one — bring a copy of your FTC report.
Outside the United States? Use your country's version — for example the UK's Report Fraud (reportfraud.police.uk), the Canadian Anti-Fraud Centre, or Australia's Scamwatch and ReportCyber.
Part 7 — Stop it from happening again
- Use a unique password for your Google Account that you use nowhere else — a password manager makes this painless.
- Keep 2-Step Verification on, ideally with an authenticator app or a security key rather than text-message codes.
- Add a passkey — sign in with your face or fingerprint; it's far harder to phish.
- Keep your recovery email and phone current so you always have a way back in.
- Never click a "verify your account" link in an unexpected message, and never read a Google code out loud to anyone. When in doubt, type myaccount.google.com yourself.
A note from SleuthX
This guide is free, and the steps above are everything most people need to get their Google Account back on their own. But because your email is the master key to so much else, a Gmail takeover sometimes isn't the whole story. If you're still locked out after working the steps, or you need to know what the intruder actually accessed, what they took, and whether they're still in — with evidence that holds up — that's a forensic investigation, and it's what SleuthX does. We don't access accounts on anyone's behalf and we can't promise a platform will restore access — that decision is Google's. What we can do is investigate the compromise, document its scope, and help you secure everything else. We're a digital-forensics firm; reaching out is optional and there's no charge to ask. Find us at sleuthx.ai or email quinn@sleuthx.ai.
Either way — you've got this. Work the steps in order, recover from a device Google already trusts, and don't share your codes with anyone.
Where this comes from
Every step, screen name, and timeline above comes from current official sources. All pages were opened and checked in June 2026; Google changes these flows often, so a button may have moved by the time you read this.
Google Account Help (support.google.com/accounts)
- Recover your Google Account or Gmail (entry g.co/recover)
- Tips to complete account recovery steps
- Why your account recovery request is delayed
- Secure a hacked or compromised Google Account
- 2-Step Verification
- Sign in with a passkey
- Security Checkup (g.co/securitycheckup)
Gmail Help (support.google.com/mail)
- Automatically forward Gmail messages (check for rogue forwarding)
- Create rules to filter your emails (check for rogue filters)
- Find & restore missing emails / Trash holds 30 days
- Google Takeout — download your data
Government
- Report fraud — FTC
- IdentityTheft.gov — FTC (phone 1-877-438-4338)
- Internet Crime Complaint Center / IC3 — FBI

















