Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

8 July 2026
He went from working in a factory to being rich enough to retire at 32—but 3 decades later, this millionaire still works and takes public transport

He went from working in a factory to being rich enough to retire at 32—but 3 decades later, this millionaire still works and takes public transport

8 July 2026
Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

8 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » Gmail Hackers Have Control Of 2FA, Email And Number? Here’s What To Do
Innovation

Gmail Hackers Have Control Of 2FA, Email And Number? Here’s What To Do

Press RoomBy Press Room9 October 20248 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
Gmail Hackers Have Control Of 2FA, Email And Number? Here’s What To Do

Update, Oct. 09, 2024: This story, originally published Oct. 07, includes new advice about how attackers bypass 2FA protections and how best to mitigate these dangers before a hacker can exploit your Gmail or Microsoft 365 account.

Search any of the Gmail support forums online, from social media platforms such as the Gmail subreddit or the official Gmail community help from Google itself, and one question comes up time and time again: my Gmail account has been hacked, how can I recover it?

Disregarding the inevitable dodgy attempts at uncovering some magic way to hack into someone else’s account, the majority are still likely to be genuine requests for help. Take this example, published to the Gmail subreddit Oct. 06, which is analogous to many: “A friend of mine’s Google account got stolen. The hacker changed the recovery phone number and email address.” The poster explains that the friend in question had enabled two-factor authentication and asks if anything can be done to recover the account now, “or is he cooked?”

The good news is that it’s still entirely possible to recover a Google account even if, as in this case, the hacker has managed to evade or change most, if not all, the security and recovery protections that were in place. Even if, as the poster replied to one suggested solution, “whoever stole the account changed the recovery email and phone number to their own and disabled all other recovery methods.”

How To Recover A Stolen Gmail Account After A Hacker Changes Everything

Google does, despite the negative opinions of many people seemingly frustrated by the process, offer lots of help in recovering your Google account, even in the case of it being stolen by someone who has then changed your recovery details. Indeed, there’s a whole section of Google support devoted to securing a “hacked or compromised” account. I suspect that most people who say these steps don’t work haven’t followed the instructions provided by Google precisely and waited the allotted time for the process to complete.

It is advised to use a device that you have used before to access your Google account or check your Gmail or another Google service. The same tip applies to a familiar location from where you have previously accessed your Google account. Google recommends using the same browser, such as Chrome or Safari, on a laptop or tablet if your smartphone has been stolen and doing so from your home or work location. This can speed up the recovery process by aiding Google in verifying your identity.

You should also answer the questions about passwords as precisely as possible. This applies even if the hacker has changed your current password to lock you out of your account. “If you’re asked for the last password you remember,” Google said, “enter the most recent one you recall.” The more recent, the better, so use the one the hackers changed from. “If you can’t confidently recall any previous passwords: Take your best guess,” Google said.

You may see a message telling you your account is on a security hold. A delay is often put in place between making the recovery request and processing that recovery claim. While some people get annoyed by this, it’s a proactive measure so you should be patient. “Account recovery requests can be delayed for a few hours or a number of days,” Google said, “depending on a variety of risk factors.”

Google has also advised me that when it comes to users whose accounts have already been hacked and whose second-factor and recovery factors have changed, it’s possible to use the original information in certain cases. “Our automated account recovery process allows a user to use their original recovery factors for up to 7 days after it changes,” the spokesperson said, “provided they set them up before the incident.”

And finally, if all else fails and the account holder has a YouTube account up and running, many users have found that contacting YouTube support, including the by way of social media, has often resulted in them being given direct help to recover the account where all has appeared lost.

Here’s How Hackers Bypass Gmail 2FA Protections In The First Place

One of the problems highlighted by Gmail users seeking support in online forums is that the two-factor authentication protections that they have in place have been changed by the person who has hacked their Google account. This raises several questions, but perhaps the most pertinent is how that 2FA process was bypassed in the first place.

I recently reported that the developers of notorious info-stealer malware, including Lumar, Lumma, Meduza, Rhadamanthys, StealC, Vidar and Whitesnake, have all been releasing updates that claim to have bypassed Google’s cookie-stealing protections. Some stated that they could crack account 2FA in less than 10 minutes. This is despite Google having upgraded the protections found in Chrome 127 to include application-bound encryption, which, similarly to macOS and Keychain, encrypts data tied to app identity, introduced to combat just this kind of attack.

This theft of cookies from your browser, specifically session cookies, enables hackers to bypass your 2FA protections effectively. Owning a cookie that validates a user session after the 2FA step has already been completed gives the attacker complete control over that session—complete control to go and change your Gmail recovery options, 2FA, the lot. So, what can you do to mitigate this type of attack?

How Google Mitigates The Session-Cookie Infostealer Threat

A Google spokesperson said: “This type of attack is well known and we have built-in defenses, such as high frequency cookie rotation, device-bound session credentials, and risk-based re-authentication, that keep users safe. Additionally, the first line of defense against attacks like this is to use an operating system like ChromeOS that is secure by default, without known vulnerabilities for this type of malware.”

It is also wise to consider using passkeys, which Google is helping to drive the adoption of across online services, as these are “resistant to phishing and other online attacks,” Google said, “making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication.”

It’s Not Just Google Users Who Are In The 2FA-Theft Crosshairs

I wouldn’t say it would be nice if only Gmail users were targeted by session-cookie attacks, although attacks against just one set of users might be easier to mitigate. The truth is that it’s not a pleasant experience whatever service you are using, and that includes, according to the latest threat intelligence reports, Microsoft 365.

A newly published report by security researchers at Sekoia has detailed yet another session-cookie stealing, two-factor authentication bypassing, adversary-in-the-middle threat. This one is called Mamba 2FA and deserves to be associated with the African snake whose bite is so often fatal, from what I have read.

Report author Grégoire Clermont describes how, in May 2024, Sekoia’s threat detection and research team were tipped off about a phishing campaign that appeared to be leveraging trust in Microsoft 365 with HTML attachments cloning M365 login pages. “The phishing pages were able to relay some methods of multi-factor authentication,” Clermont said, “at first, these characteristics looked like the Tycoon 2FA phishing-as-a-service platform, but further inspection found that the campaign leveraged a previously unknown adversary-in-the-middle phishing kit.”

That phishing kit is what has been given the Mamba 2FA designation.

By analyzing their own customer threat detection logs, Sekoia was able to determine that several had already been targeted by the Mamab 2FA campaign across many months, “suggesting a widespread threat.” And one that was, it turned out, being sold as a phishing-as-a-service package on cybercrime forums on the dark web. Sekoia has since discovered that both the phishing kit itself, and the necessary infrastructure that is needed to support it, have undergone several, and significant, changes.

As of October, the phishing kit will only display the Microsoft 365b login pages if it has determined that the browser in question does not have sufficient automated security protection, or the user isn’t running in any sort of sandbox. If they are, then Mamba 2FA is clever enough to redirect them to a Google 404 page instead.

If the user isn’t well protected, however, then Mamba 2FA will display one of four different credential-stealing options that imitate either Microsoft OneDrive, SharePoint Online, a generic Microsoft 365 login page or, perhaps surprisingly, a voice mail which then also displays a generic login. One thing is constant, and that is this is a threat that can steal session-cookies in order to bypass 2FA protections such as one-time codes or in-app notifications. “The stolen credentials and cookies are instantly sent to the attacker via a Telegram bot,” Clermont said.

Most worryingly of all, and evidence were any required as to why you should follow the mitigation advice already stated, is just how cheaply someone can enter the world of 2FA bypass. Using a subscription model, the Mamba 2FA service is available for use at just $250 for 30 days, a very low price when you consider the value of the data that could be accessed if an attacker is successful. That price includes access to a Telegram bot “that allows them to generate phishing links and HTML attachments on demand.”

Gmail Gmail account recovery Gmail security Google Google account recovery Hacker has changed my Gmail 2FA Hacker has changed my Google recovery address how to recover a hacked Gmail account How to recover a hacked Google account My Gmail has been hacked
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

8 July 2026
Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

8 July 2026
The Solutions Leaders Urgently Need

The Solutions Leaders Urgently Need

7 July 2026
Gyms Became The New Third Place And Venture Capital Missed It

Gyms Became The New Third Place And Venture Capital Missed It

7 July 2026
What I Learned From Six Months Of Using Agentic Assistants For Work

What I Learned From Six Months Of Using Agentic Assistants For Work

7 July 2026
NYT Connections Answers Explained: Wednesday, July 8

NYT Connections Answers Explained: Wednesday, July 8

7 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
The Solutions Leaders Urgently Need

The Solutions Leaders Urgently Need

7 July 20261 Views
Palantir CEO Alex Karp is wrong about Anthropic and OpenAI. But he has reason to be worried.

Palantir CEO Alex Karp is wrong about Anthropic and OpenAI. But he has reason to be worried.

7 July 20262 Views
Gyms Became The New Third Place And Venture Capital Missed It

Gyms Became The New Third Place And Venture Capital Missed It

7 July 20262 Views
Meet the former Goldman Sachs exec who became the America’s Cup Partnership’s first CEO

Meet the former Goldman Sachs exec who became the America’s Cup Partnership’s first CEO

7 July 20262 Views

Recent Posts

  • Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat
  • He went from working in a factory to being rich enough to retire at 32—but 3 decades later, this millionaire still works and takes public transport
  • Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!
  • European Parliament members call for a probe of FIFA president Gianni Infantino over his Trump call
  • The Solutions Leaders Urgently Need

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

Samsung Confirms Radical ‘Galaxy Buds’ Apple Threat

8 July 2026
He went from working in a factory to being rich enough to retire at 32—but 3 decades later, this millionaire still works and takes public transport

He went from working in a factory to being rich enough to retire at 32—but 3 decades later, this millionaire still works and takes public transport

8 July 2026
Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

Claude Fable 5 Extends By Five More Days. 10 Moves To Make Now!

8 July 2026
Most Popular
European Parliament members call for a probe of FIFA president Gianni Infantino over his Trump call

European Parliament members call for a probe of FIFA president Gianni Infantino over his Trump call

8 July 20262 Views
The Solutions Leaders Urgently Need

The Solutions Leaders Urgently Need

7 July 20261 Views
Palantir CEO Alex Karp is wrong about Anthropic and OpenAI. But he has reason to be worried.

Palantir CEO Alex Karp is wrong about Anthropic and OpenAI. But he has reason to be worried.

7 July 20262 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.