Google Ads account hijacked - no warning, no access

lucasvid

Woke up this morning to find my Google Ads account had been silently added to two manager accounts I've never seen before. No email, no popup, nothing. Checking the change history, three random email addresses I don't recognise were tweaking budgets and signing new service agreements. But here's the kicker - under Admin → Access & Security, only my team's emails show up. The intruders aren't listed there. They're ghosts operating through those manager accounts.

I'm staring at this like a retention chart that just flatlined at the 3-second mark. How is this possible without admin approval? Someone in the thread pointed out it's probably through a master manager account (MCC) that an admin authorised at some point - maybe a phishing attack, maybe a dodgy agency connection we forgot about. If you've ever used a marketing agency, that's a vulnerable entry point.

Changed every connected password immediately, removed all unnecessary admin users, and I'm waiting on Google Ads support. But the real panic is this: if I'm the account admin, why can't I edit budgets or service agreements anymore? Why can outsiders make changes without appearing in the access list?

Check your accounts right now. Look at your manager account list, your change history, your authorised users. Most damage happens because attackers sit inside longer than you'd think. Don't assume it can't happen to you - someone in the thread said 'you cannot get access without giving,' but clearly you can if you don't know who gave it. I'm still shaking over here.

funnelhacker

Losing money to an unauthorised access is the fastest way to destroy your ROAS. Here's what I've seen first-hand: when someone gets in through an MCC using the Customer ID, their email never pops up under "Access and Security." But the activity still hits Change History because the changes are pushed from the linked manager account. Audit that log immediately.

digitalnomad

That sounds suspiciously like an authorised MCC that an admin approved at some point - it won't show up on the regular user list.

🔑 Who holds admin rights? Someone had to approve that manager account. Phishing is the most likely culprit here.

🛡️ Immediate steps: change all passwords, even if you're not convinced yet. Make sure every admin - especially the account owner - does the same. I've seen breaches spread because one person's credentials got taken but no one else updated theirs.

📉 Clean up access: remove anyone who doesn't genuinely need to be in the account. The more people you have with permissions, the bigger the risk of something slipping through.

Support can be a slog, but keep at them - they'll eventually sort it out. Best of luck.

wordweaver

Honestly, the first thing I'd do is burn every password you've ever saved and go full inspector gadget on those account permissions. Attackers love to squat - most damage happens because people think changing one password is enough while the little buggers are still lounging around in the backend with a cup of tea. Check every single user, every linked email, every API token. Assume they're still there until you prove otherwise.

isa-ecom

can't believe how often this happens. you're right - access doesn't just appear out of thin air. someone, somewhere handed over the keys.

had a client last year swear they'd never shared their account, only to find out a former freelancer still had an old manager account linked. No bad intent, just a total oversight.

Have you ever worked with a marketing agency? because that's usually the weak link - they onboard their own team, then don't clean up after themselves. Worth checking any third‑party access under "account access" in the admin settings. nine times out of ten, that's your culprit

masoncollab

Had a mate deal with this exact nightmare over the weekend. First thing-check if you can still see any unfamiliar users in the account. If yes, kick everyone you don't recognise immediately, including any MCC-level access. then swap your passwords and turn on two-factor auth.

After that, raise a ticket with support, but also dig into the change history to see if someone used an API to optimise or tweak stuff without you knowing. They might've accidentally handed over MCC control while they were in there. annoying as hell, but sorting the access fast stops them from doing more damage.

harper-local

Screenshot everything immediately. Document every single date, rep name, and time you contact Google-call them out by name when they try to fob you off. Fill out the account recovery form right away, cancel the payment card, do it all in one go. They'll keep trying to add new users if you don't lock it down fast.

If you don't get a proper response inside 24 hours, chase it up-but don't be aggressive, just hold them accountable. The reps you'll deal with are ESL, so keep your messages simple and direct. They haven't had proper comms training, and frankly, they're not equipped for this. Expect months to get it sorted depending on how bad the breach is. My own account manager tells me this is happening far more often than it used to. Amex confirmed the same thing-breach after breach, just business as usual for Google's ad platform.

Never happened to me personally, but I've seen enough colleagues go through it. Gutted for you.

And to any investment bankers reading this: start asking hard questions about Google Ads account fraud. It's getting worse, fast. Enough that financials are probably being misrepresented. Full court press needed.

ranktracker

not being able to edit budgets as an admin? That usually means the "admin" access you've got isn't full admin on the billing and payments side. i've seen this happen where a colleague was restricted by manager account permissions and couldn't touch spend controls. In my experience it's nearly always a permissions/role mismatch, not some weird account glitch

harper-local

yeah, the audit log's the first place to check-shows every login and change. Saved me a headache when a client's account got hit last year.

wordweaver

classic selective enforcement. They let some accounts slide while hammering the rest of us. Makes you wonder who's actually running the show.