A few days ago I posted about my disabled gmail account.
After a long, painful process, I was able to successfully recover the account.
Before you read this blog post, let me tell you that one of the things I discovered was
Google’s account recovery process is 100% automated! No humans involved at ANY level.
More on that below.
In getting my account back, I learned a LOT.
Here are the things I learned about my account
-
My account was disabled/deleted because a hacker got into it.
When I was finally able to recover it, during the “change your password process,” I found this:
So I at least know the account was hacked. The first thing the hacker did was change my password and the account recovery email addresses, so it would be really hard for me to get my account back. - The hacker also deleted my Youtube account and added 2 more of his own to my account:
Jerk.
I did manage to get my youtube account restored, but he deleted all the videos out of it and I can’t recover those. Good thing I make TONS of backups of things.
-
The hacker deleted all emails in my inbox (I had probably 15 emails from 10 people in my inbox, 5 of which were to remind me to do something).
If you were expecting a reply from me recently…sorry…your email got deleted.
Keep your inbox clean! -
I still don’t know how he got into my account. I had a very strong password. I can only think of 3 scenarios:
- a brute force password attack (unlikely)
- I used the same password somewhere else and he hacked into some other database that had that password (most likely). My own stupidity.
- I logged into my gmail account over an unencrypted connection on a public wifi network and he got my username/password (unlikely)
What I learned about Google’s account recovery system, and what it means to you!
I learned a couple awesome things about recovering a deleted google account during this process…a couple things Google doesn’t want you to know (or…things they don’t tell you).
- If you’re not prepared, forget it
If you’re not prepared to recover your gmail account and can answer the questions google asks, basically you can forget getting your account back. They ask obscure things nobody would ever know (not even you).
Here are 2 screenshots of the page they make you fill out. I took these so I could remember what I had put in. My personal info is blurred out.These are screenshots of the google account recovery pages
To recover your account, here’s my take on the difficulty:
- frequently emailed people – easy
- labels – slightly more difficult
- invitation url – difficult depending on how you got it
- all questions about orkut and blogger: if you answer yes they want to know the url of your profile and when you started using it – almost impossible to find
- 4 services you use – Impossible, unless…you have a backup of your gmail account in a searchable location like zoho mail.
I was able to find these things by searching through my zoho for things like “calendar,” “docs,” “orkut,” …
It still took a LOT of work. - Account creation date – Impossible without a backup
-
Google’s account recovery system is 100% automated!
No human will ever even see your account recovery attempt.
Don’t try to put identifying info into the fields for a human to look at. It will just hurt your chance of getting your account back.
You really just have to figure out how to give enough accurate info to get the computer to say “Yeah, this is over 80% correct, give the account back” or whatever percentage they have.
The reason I know this is: - How Google responds to your account recovery attempts
Google says it may take between 24-48 hours for them to reply to you.The first time I submitted the account recovery form I got an answer back in 44 hours.
It was a NO.
The second time I submitted the account recovery form it took 40 hours.
It was a NO.
The third time I submitted the account recovery form, it took 2 minutes.
It was a YES!Now, I don’t know this for sure, but here’s what this tells me:
- You submit your info to Google and a computer validates it against the data the computer knows about your account.
- If the computer matches the info and it’s correct enough, it fires off an email immediately to you saying “You can change your password now!”
- If the computer looks at your info and it’s not correct enough, it waits 24-48 hours before sending you an email saying “NO, you’re screwed for a while longer!”
If it were humans looking at the requests, why does it take so long to say no, but only 2 minutes to say YES! (I literally got an email from them within 2 minutes of submitting the successful request).
It’s done on purpose!
Google doesn’t want to give too many chances to people who don’t have the right info.
If you get a NO back from Google after submitting the account recovery form, and you don’t hear back from them within 15 minutes, start gathering more data to recover your account.
This whole thing was a big, painful, learning process.
Things I’ve learned and things I’d do differently
- Make backups of everything – I already had pretty good backups. In the future I’ll have rock solid backups.
- Prepare for the worst early – I was slightly prepared. Now I’ll be better prepared.
- Don’t use a free gmail account – I’ve since bought a domain and set up my email through google apps.
- If you want to migrate your email and your docs to another account, I highly suggest this email and data migration company, MigrationBox.com.
Their docs migration needs a little work (only try to move 100 docs at a time)
but their email migration is solid. It moved 175,000 emails of mine no problem.
I chatted with them for a while and they gave me a 40% off coupon for my readers:
JOHNSYNC 40% Off Coupon
What a lifesaver MigrationBox was for me. I now get all my old emails in my new email account. Everything seamless.
They’re also good for:- moving between gmail/google apps
- moving between just about any email service providers
- syncing email accounts (ummmm…backup anyone?)
- NEVER use the same password for your email, facebook, bank, anything else you care about – I now keep one “junk” password, and like 6 completely secure passwords that I don’t use anywhere else.
- This is a bit extreme, but I’m now keeping an email account that I use to sign up for everything. I won’t sign up for things with my real email address anymore. That way, my real email address isn’t out there in too many databases, and it doesn’t have any passwords associated with it in case I slip up somewhere.
The other email account just forwards to my main one so I still get all the emails. - UPDATE:This post on lifehacker by adam pash details a new security feature google is JUST NOW rolling out (they’re about a week too late for me…although I’m now using it).
Amazing…as I was going through this nightmare, I had wished google would have some sort of 2-step verification system.
I also wish lastpass had the same thing!
Maybe I’m a bit extreme.
Maybe not.
What I do know is that the internet isn’t going anywhere, losing your email account ISN’T fun, and hackers aren’t getting dumber.
It’s getting more and more common. I’ll try to stay ahead of the game from now on.
Please learn a lesson from my misfortunes and mistakes!
Thanks so much for the screenshots of the info we need to keep track of! You're right, some of the questions they ask would be almost impossible to answer.
Losing a gmail account even when used just as a personal email (non-business) would be horrifying, I can only imagine how hard it would be to lose when used for business.
It's a great reminder to make back ups and to write down key information about what Google asks if we ever need to recover an account. Thanks for posting it so we know what to keep track of!
John, after I read your post about GMAIL being deleted. I made the decision to use Outlook 2010 as my back-up and connected a pop3 to my gmail account, Ten proceeded to download 10gb of mail and now always have a local copy! (which is also backed-up online via mozy) Thanks for shaking some sense into us.. I would have been devastated to lose all my mail. Great post and congrats on getting your mail back!
Brent, when i tried to download email messages from Gmail via POP3 i only downloaded about 350 of them, while total numer of messages i have there is over 1200. Everytime i tried redownload, Outlook was grabbing part of messages, not all of them.
Do you know why is that? Maybe i need to download messages in segments?
It means that I bought a domain name (jonasmail.com) and set up the DNS so that google apps (http://www.google.com/a) can host the email. I still get to use the gmail client, but I own the email address.
Look at google apps for a better explanation.
Yes, it does.
I've had my previous email address on my domain host for like 9 years. They only have the last 1 year of emails. It looks like they've automatically deleted the rest of them. Worthless.
Also, on your domain host, it's not easy to have everything be searchable like it is on google.
Google has it's issues, but they also have some amazing tools, which is why I choose to still use them.
But what if someone used information in LastPass' to hack John Jonas' account? (less likely)
Almost impossible.
Lastpass stores all passwords encrypted (they come encrypted from my computer…this is one reason lastpass is so amazing) so even if someone got access to lastpass's database, the info wouldn't be very useful to them because it's all encrypted.
If someone got access to my lastpass account (on my computer) they would have better things to get at (like my paypal accounts).
hey john my gmail account is disabled , how can i enable it can u help me out
Gmail is rolling out a two-step verification system for adding security. Basically you log in log in as usual but you also enter in a code that is sent to you via an iPhone or Android app, SMS text message, or phone call. I think your browser will "remember" your code for 30 days if you choose but each time you log in using a different browser or a different computer it will require the code. You can get the low-down here:
http://lifehacker.com/#!5756977/set-up-googles-tw…
Now I understand what happened to my Twitter account. No matter how many times I ask Twitter to reset the password, they say they sent me an email but I never get it. How can I go about reclaiming my Twitter account? Thanks for the intel.
OMG! I cannot remember any of my past email registration, this is a great lesson for me it has definitely open up my eyes and senses. Thank you John for sharing! 🙂
That's a good lesson. I'm not sure if that's really the cause…but it's definitely something to be aware of.
Not likely. They don't have a lot to gain by taking over my accounts. They already know most of what's in my accounts.
Nope, I don't use "disposable credit cards." My guys have my AMEX card.
I trust them with it.
And, even if they did something dumb like steal some stuff, all I'd have to do is call AMEX and say "I didn't authorize these charges" and AMEX would take the charges back.
My wife had her purse stolen a while back. The person charged $1200 on 2 cards within an hour. We called both cards and they reversed the charges immediately.
Credit cards are incredibly safe.
You don't need to.
Go listen to the recorded webinar I did. It's free on replacemyself.com.
Just don't do something you're not comfortable with. If you don't feel comfortable giving them your credit cards, don't. If you don't want them in your email account, don't give them access. It's pretty simple.
Google just launched a two-step verification system that increases security to your Google accounts. Check out the article here: http://googleblog.blogspot.com/2011/02/advanced-s…
I just implemented it (takes just a few minutes) and feel much more protected against hackers. Of course, continuing with the back ups you mentioned are still recommended if there's any chance Google decides to nix your account!
Hi John, thanks for the 'heads up'. I've always used eWallet by Ilium Software, a non-web based solution. Never had a problem with being hacked. Sorry that you've had to go through all that. I hope more people take note and make their computers and mobile devices more secure. An email account is one thing but other banking and personal info is another.!
Hi John, please help me if you can. My email has been hacked and I have been through the google recovery process and keep getting rejected. Is it possible that the tool they use to verify cannot crosscheck the email addresses you have previously sent to, if the hacker has deleted them?
THANK YOU SO MUCH! took me five mins after so much hell! thank thank you!
Enter text right here!Respected sir
I'm using gmail for my mails. one day as usual i'm trying to login my gmail account, it's showing that id is disabled,
now my question is how to activate the disabled gmail account.
shyammumic995@gmail.com
thanking you sir,
Dear ALL:
Can anyone help?
My cousin changed password on 8/22/11. Next day, she still used old password. Her Gmail account was disabled by using old password. She tried all kinds of Google forms/helps to get it recovered but, in vain. I followed your post to try it. It still did not work either. She has a lot of pictures/files in the Gmail account. Although it is a free e-mail, Google should give her warning before they disabled her Gmail account. Therefore, she can transfer all my pictures/files out of Gmail.
Do you have any other tips to get her Gmail account recovered? I tried to call Google @ 650-253-000 and faxed to Google 650-253-0001. I also tried it in Google survey, Google investor Relation (IR). None of them are working. I also open a post. But none of them are working. Please help! Thanks a lot!
Hamilton
My Google account not recover from last 1 month- Email. ID- Jitender786js@gmail.com
Hi,
my google a/c is hacked. even my security related question, mail, and mobile number are changed. I tried in the ways but i failed..
So plzzzzzzzzzzzzzzzzzzzzz i hope you will help me out for getting google a/c back….
Hi,
my google a/c is hacked. even my security related question, mail, and mobile number are changed. I tried in all the ways but i failed..
So plzzzzzzzzzzzzzzzzzzzzz i hope you will help me out for getting google a/c back….
My age is 12 and it showed i am 1 year old less. So it will be disabled in 29 days. What shall i do???
If not disabled yet, please create more e-mail accounts in Yahoo, AOL, hotmail (Live), MSN, etc. You can send e-mails to yourself to store your own data, pictures, etc. The best way is to store it in external drives. The best way to send e-mails is to send and CC yourself twice. Hope it will help!
John: I've been through the "long form" twice and each time it came back "undeliverable" e.g:
Delivery to the following recipient failed permanently:
higgins-prod-landing@google.com
Technical details of permanent failure:
Message rejected.
Don't know what to do next.
Thank you very much for this amazing article (and the last one about your deleted Gmail-account). Here is now the list I use to secure and back up my things:
– Gmail's 2-step verification system (since now)
– Forward all my eMails to a new yahoo.com Email-address, so that my incoming emails get backed there up (since now)
– LastPass (since now)
– Carbonite to back up my files from my computer (since 10 month)
– Backupify to back up my Gmail (since now)
Again, thank you very much for this amazing article and tips! And NO, you are NOT too extreme with this!
my id is hack ,aaisha011@gmail.com,.in which 2 step verification ,……i forgot my security question and my recovery email is that my email is (aaisha011@gmail.com),…plz tell me other ,.how iwill get back my id password ,……………plzzzzzzzzzzzz
hello i dont know if someone can help me out, my email is paulwt8@hotmail.com, i had my google account with everything in it completely disabled. i was blogging, i had 2000 vidoes stored in youtube plus i had adsense. the n i put a gmail account and two days later everything got disabled. i have tried account recovery process but nothing has haappened. so its a real mystery in case anybody can help id appreciate it. my email is paulwt8@hotmail.com also i will add that ive tried everything ffrom google posts in all sections of every forum and accoutn recovery you name it ive done it. hope someone can help thank nyou
My children enjoy your site and so do I. Im a big kid at heart.
I discovered your blog website on google and check a number of of your early posts. Continue to keep up the very good operate. I just extra up your RSS feed to my MSN News Reader. Searching for forward to reading more from you afterward!…
Hello! ddkfabe interesting ddkfabe site! I’m really like it! Very, very ddkfabe good!
This is a topic close to my heart. Cheers, where are your contact details though?
terrific stuff! i like to read this sort of stuff every day
Great stuff. This is a successfull website that every person should try and model their very own on. Superior perform keep it up.
quality post, I’m sharing it on FB!
This web site can be a stroll-by means of for all the data you wished about this and didn’t know who to ask. Glimpse right here, and you’ll definitely discover it.
Greetings thanks for great put up i used to be looking for this issue survive 2 days. I will search for following valuable posts. Have pleasurable admin.
Glad I noticed this on google .
Do you have a spam problem on this site; I also am a blogger, and I was curious about your situation; many of us have developed some nice procedures and we are looking to trade strategies with others, why not shoot me an email if interested.
Oh! And less than 1% of account people "claim" were "hacked" aren't … Actually, none are ever "hacked", people usually fall victim to "hacking" through some sort of phishing scam… You can unknowingly gave your login info to someone (basically giving them permission to hijack your account).
Hi everybody,
Can you'll please me,
My g mail account i been deleted by someone, it is my official id, i don't how to recover my g mail account now.
im expecting someone to help me…..
We can hack/recover any email address.Send us a mail for all your hacking problems “zilchex@gmx.com”
my google account closed
My gmail account is disabled n my android ph is locked.I'm unable to use my cell ph cause my gmail account is disabled. Help please…
My gmail account is disabled for the reason that i don't know pleas help me, i loss a lot of contacts
Google disabled my account for violation of rules and regulation.
Can someone help on how to re-activate it and I will always obey their rules and regulation going forward.
Reply to topeorekoya2003@yahoo.com
Well, all this rehotoric is very interesting, but how do I get my gmail account back, any one know?
Without any information my gmail account has been disebled
Why hep-pend like this.
How did you get the google account recovery pages/forms?
disabled gmail account
Dear
My gmail accounts is disabled, How i can enable my gmail. account.
Please advise me. Soon
please help how i can recover my account. Am soo desperate
My gmail account has been disabled and this is the response that I get.
Account Recovery is not available for your account.
Any suggestions as to what I can do?
After reading the above comments, seems like google doesn't know what they are doing. Thank God I don't have a phone or you would have screwed that up too. Wonder if threatening a class action law suit would wake you up to all the damage you've done.
A class action sounds good! I can't access my account despite the 2-way verification codes AND Security Key, i.e. USB which I had to purchase. I have extremely sensitive info in my mail and am so outraged.
Google is completely hopeless. Their account recovery form is a joke. They locked me out because of a malfunction in their own system! No amount of work on my part will get it vack
how can you go through your emails if you can't access your account
unblock my account
Did you get the account back or not? Because if you did pleas let me know because my gmail account has been disabled and i need it back ASAP. Thank you/