Hackers Trigger Gmail Account Lockout Wave

In early December 2025, security researchers and news outlets reported a wave of targeted Gmail account lockouts where attackers change recovery options, blocking owners from regaining access. Forbes and others detailed use of credential stuffing, infostealer malware, and manipulated 2FA/passkey settings, with one dataset of 183 million exposed credentials cited. The issue raises operational and economic risks for individuals and businesses and prompts calls for stronger account protections.
Key Points
- Attackers use credential stuffing and infostealer malware to hijack accounts and modify recovery settings.
- The changes enable attackers to bypass automated recovery, leaving users unable to regain access despite Google's guidance.
- Recommended mitigations: enabling app-based authenticators, passkeys, password managers, and trusted contacts to reduce lockout risk.
Scoring Rationale
High credibility, broad scope, and actionable mitigations drive the score, limited by incremental novelty rather than a paradigm-shifting vulnerability.

