Google Warns 3 Billion Users: 7 Days to Recover Hacked Gmail Accounts

Google has confirmed a sophisticated phishing attack targeting Gmail users, which exploited vulnerabilities to send convincing scam emails that appeared to originate from official Google domains. Hackers used OAuth applications and a DKIM workaround to bypass Gmail’s security filters, leading to some users being locked out of their accounts. In response, Google has rolled out new protections to shut down this method of attack and advises all users to set up recovery emails, primary phone numbers, and use security keys or passkeys for enhanced security. Importantly, Google states that users who have had their accounts compromised have a seven-day window to recover access, even if hackers change the password or recovery methods. The company emphasizes the urgency of acting quickly if an account is compromised, and reiterates that Google will never ask for user credentials or two-factor authentication codes via email. With billions of users affected globally, Google is urging strict adherence to its authentication and recovery protocols to minimize risk.