Google 'Looking into' Gmail Hack Locking Users Out with No Recovery

https://www.forbes.com/sites/daveywinder/2025/12/05/google-looking-into-gmail-hack-locking-users-out-with-no-recovery/

Comments

cube00Dec 6, 2025, 2:02 AM
You know it makes sense, so get that Google passkey set up now.

Unfortunately you'll be guided to storing those in your Google account too, so your everyday user will still get locked out, in some ways it's worse because a lot of sites will only accept a "recovery key", email confirmation is no longer enough (not that it matters if your GMail is also locked out)

phainopepla2Dec 6, 2025, 1:35 AM
> Ten years old being younger than the account had actually existed for, it is 12 years old apparently, might, you would have hoped, set off some Google alarm bells in these days of advanced AI protections, but no.

Good god what happened to editors?

ArrowmasterDec 6, 2025, 2:51 AM
This is on forbes.com/sites/, I'm pretty sure anyone can pay to post on it now.
dtdynastyDec 6, 2025, 12:33 AM
As someone who works in this space. A large org like Google often separates the feature work and counter abuse teams. The org structure leads to unintended feature consequences. It sucks when your trying to provide value to people and it's taken advantage of by bad actors.
bickfordbDec 6, 2025, 1:21 AM
I think the larger question is why are we all (or most of us?) still using Gmail? Why can't an average person host their own email server with open source software with straightforward security upgrades instead of trusting BigCo or the latest SmallCo?
LarrikinDec 6, 2025, 4:53 AM
Is there a self hosted solution that will allow me to back up all my Gmail emails including attachments? Something like paperless but for my old emails.

The constant pestering by Google to buy storage space has started pushing me to deleting everything more then a few years old as a stepping stone to leaving Gmail completely.

gruezDec 6, 2025, 1:28 AM
>Why can't an average person host their own email server with open source software with straightforward security upgrades instead of trusting BigCo or the latest SmallCo?

The average person isn't qualified to administer a server and would rather pay $1/month or whatever for a hosted solution.

pa7chDec 6, 2025, 1:24 AM
I think its fundamentally more difficult to host communications services where spam is possible and there is no auth/contact system in place before first communication can happen.
bickfordbDec 6, 2025, 2:02 AM
I'm not an expert in this area but from what I understand what was once novel content spam filtering is not at all novel now, there are easily trainable model strategies (BERT?) that get you to 99%.

A whitelist, auth/contact is ideal for messaging without spam and is more workable with a large federated group that can adopt an evolving open source protocol.

sys_64738Dec 6, 2025, 3:10 AM
Most folk don't know how or don't want to. A mail server is mundane to admin and most folk probably have higher priority things in their lives going on.
doubled112Dec 6, 2025, 1:26 AM
Do you mean average person around here? Or average person in general?

Too many unknowns and moving parts.

Have you ever worked with the general public and computers?

The average person was wondering why their wireless router needed cables. They did not update their computers for the entire time they owned them. Somebody else ignores big red text saying this will delete everything and hits next anyway, then wonders where their photo collection has gone.

I cannot believe the average person would be capable of registering a domain and configuring their DNS to point at this simple mail server they’re running.

If somebody else is taking care of all of these parts, I am not sure they’re really hosting it themselves.

Maybe we need a new protocol and we can replace all of this? How do we get everybody on board?

rolandogDec 6, 2025, 1:48 AM
Especially with all the codified footguns (or the "Tyranny of the Default" — as Steve Gibson would put it) where a lot of critical apps ship with very insecure defaults, and even a seasoned Dev that's an expert on one domain doesn't have time to muddle through the whole of man pages + mail archives + stack overflow threads for every option.
mr_windfrogDec 6, 2025, 2:28 AM
I think the biggest question is why most people are still using third-party email services like Gmail or Hotmail.

Why not register your own domain and use an email on that domain?

Nowadays, registering a domain is almost free, and you can fully customize your email addresses.

cr125riderDec 6, 2025, 2:38 AM
1) it costs more than nothing 2) the technical expertise to do that is way outside of most people

Who do you use as a mail host with your custom domain? A third party?

mr_windfrogDec 6, 2025, 4:23 AM
I see, you're right.
emerilDec 6, 2025, 2:40 AM
as someone who did that a long time ago - I largely regret it

granted, it gives me an out if my provider revokes my access (in this case, google) but the custom domain requires some headache to manage well - I wish I had just used a google account...

mr_windfrogDec 6, 2025, 4:24 AM
I hear you, makes sense. I've also struggled a bit with managing custom domains.
wakawaka28Dec 6, 2025, 3:13 AM
Technically having your own domains is superior, but it can be difficult to get past spam filters if you have your own domain. Not least because Google and Microsoft often automatically trash anything from custom domains. If you're ok with the delivery issues that can come with this setup, it's better. But personally I get really pissed off when my mail does not get delivered for any recipient.
mr_windfrogDec 6, 2025, 4:26 AM
You're absolutely right, ending up in spam is a real pain. I've run into the same issue myself with custom domains; even when everything is set up correctly, delivery can still be unreliable.