
Gmail Lockout Hack: Google Probes Recovery-Block Attacks
Google is investigating a phishing-driven attack that locks Gmail users out by adding compromised accounts to family plans as child profiles. Victims have a seven-day window for recovery, and experts recommend passkeys and updated recovery details to reduce risk.
Google has confirmed it is investigating an ongoing phishing campaign that locks users out of their Gmail accounts by abusing the platform's family management feature. Attackers who gain access with stolen credentials add the compromised account to a family group they control as a child profile, a status that strips the victim of key account controls and blocks the standard recovery options.
How the Attack Works
The method begins with credential theft, typically through phishing pages that mimic Google's login flow. Once attackers have the username and password, they immediately enroll the victim's Gmail account as a child in a family group they control. Because child accounts are subject to parental restrictions, the victim can no longer change security settings, leave the group, or start the normal account recovery procedure; the attacker, as the group's "parent", holds those controls instead.
Limited Recovery Window
Google states that affected users have a seven-day window to regain access by responding to automated recovery prompts sent to their original recovery email or phone number. If the victim does not complete the process within that period, regaining access becomes significantly more difficult, often requiring additional verification steps.
Who Is at Risk?
Security researchers note that the technique does not rely on a flaw in Google's systems but on successful phishing. That makes it cheap to run at scale: any Gmail user who can be tricked into entering credentials on a fraudulent page can be locked out this way, so a large portion of the global user base is potentially exposed.
Recommended Protections
Experts advise enabling passkeys or hardware-based authentication (a FIDO security key) to reduce the chance of credential theft. These methods are phishing-resistant because the credential is bound to the legitimate site's origin: a lookalike domain cannot obtain a usable sign-in assertion, and there is no password to type into a fake form. Users should also make sure their recovery email and phone number are up to date, since those details are what Google uses to contact them during the seven-day recovery window.
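The phishing-resistance claim above rests on three checks that happen during a WebAuthn (passkey) sign-in. The following Python model, added here as an illustration and not code from Google or this article, walks through them with a constructed relying party ("accounts.example.com") and a constructed lookalike domain; HMAC-SHA256 stands in for the authenticator's real ECDSA/EdDSA signature so the block runs with only the standard library. It shows why a phishing page cannot reuse a victim's passkey the way it can reuse a typed password.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins for the real relying party and a lookalike phishing site.
RP_ID = "accounts.example.com"
RP_ORIGIN = "https://accounts.example.com"
PHISH_ORIGIN = "https://accounts-example-login.com"


def host_of(origin: str) -> str:
    return origin.split("://", 1)[1].split("/", 1)[0]


class Authenticator:
    """Toy authenticator: one credential secret per relying-party ID.
    A real passkey holds a private key; HMAC-SHA256 is an assumed stand-in
    for the signature so the example needs no third-party library."""

    def __init__(self):
        self.creds = {}

    def register(self, rp_id):
        self.creds[rp_id] = secrets.token_bytes(32)
        return self.creds[rp_id]  # the server stores this as the "public key"

    def get_assertion(self, rp_id, client_data_json):
        if rp_id not in self.creds:
            return None  # no passkey was ever created for this rpId
        rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        # authenticatorData = rpIdHash (32) || flags (1, UP set) || signCount (4)
        auth_data = rp_id_hash + b"\x01" + (1).to_bytes(4, "big")
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        sig = hmac.new(self.creds[rp_id], signed, hashlib.sha256).digest()
        return auth_data, sig


def browser_get(authenticator, page_origin, requested_rp_id, challenge):
    """What navigator.credentials.get() enforces: the requested rpId must be
    the page's host or a registrable suffix of it, and clientDataJSON carries
    the page's real origin, which the page cannot forge."""
    host = host_of(page_origin)
    if not (host == requested_rp_id or host.endswith("." + requested_rp_id)):
        raise ValueError("rpId not a registrable suffix of page origin")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    result = authenticator.get_assertion(requested_rp_id, client_data)
    if result is None:
        return None
    auth_data, sig = result
    return client_data, auth_data, sig


def server_verify(cred_key, expected_challenge, client_data, auth_data, sig):
    """Relying-party side: the checks a WebAuthn server performs on an assertion."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "bad type"
    if cd.get("challenge") != expected_challenge:
        return "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:
        return "origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    signed = auth_data + hashlib.sha256(client_data).digest()
    expected = hmac.new(cred_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return "bad signature"
    return "ok"


def run_scenarios():
    auth = Authenticator()
    cred_key = auth.register(RP_ID)
    out = {}

    # 1. Genuine sign-in on the real origin succeeds.
    chal = secrets.token_hex(16)
    out["legit"] = server_verify(cred_key, chal, *browser_get(auth, RP_ORIGIN, RP_ID, chal))

    # 2. Lookalike page asks for the real rpId: the browser refuses outright.
    try:
        browser_get(auth, PHISH_ORIGIN, RP_ID, chal)
        out["phish_real_rpid"] = "assertion produced"
    except ValueError as e:
        out["phish_real_rpid"] = str(e)

    # 3. Lookalike page uses its own host as rpId: no passkey exists for it.
    out["phish_own_rpid"] = browser_get(auth, PHISH_ORIGIN, host_of(PHISH_ORIGIN), chal)

    # 4. Even an assertion signed with the victim's key over the phishing page's
    #    clientDataJSON (a relayed challenge) fails the server's origin check.
    forged_cd = json.dumps({"type": "webauthn.get", "challenge": chal,
                            "origin": PHISH_ORIGIN}).encode()
    auth_data, sig = auth.get_assertion(RP_ID, forged_cd)
    out["relayed"] = server_verify(cred_key, chal, forged_cd, auth_data, sig)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Contrast this with a password: the fraudulent page receives the password as plain text and can replay it anywhere, which is exactly the step that lets the campaign described here proceed to the family-group enrollment. With a passkey the browser, the authenticator and the server each independently refuse the lookalike origin, so there is nothing for the attacker to relay.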
The Takeaway
The attack shows how social engineering combined with the misuse of a legitimate account feature can have serious security consequences. Google's investigation remains ongoing, but the company stresses that prevention hinges on not entering credentials on phishing pages and on adopting phishing-resistant authentication.