> Google says they can't do anything to help me! They can't kick him off or disable my account, I just have to be harassed and blackmailed, and goodness knows what else.
Not kidding - How do we know you are not the hacker ?
In future please use 2F authentication otherwise there is really no way for anyone to tell who is the right owner.
> Not kidding - How do we know you are not the hacker ?
We don't. But we can assume that they aren't for the purpose of discussion. It seems more likely that a victim would post the OP's post than a perpetrator.
Google also doesn't, but they can say with increased confidence what the probability of the OP being a victim is.
But there's an even hard problem: say person A sells their Google account to person B, and does this with completely offline communications (offline wrt Google). To Google, this situation may look no different than a stolen account, at least for some period of time. But person A is a scammer, claims their account was stolen, and attempts to initiate a recovery process with Google.
This situation is the reason I virtually never perform account recoveries for players of my games. I also require users to use a third party login (like Google or Facebook) for their account, because I want as little to do with account management as possible.
Unfortunately it's true, I'm sorry to make it sound like a sob story, Ive had the worst few days with this. I offered everything including my ID, banking, anything I could provide,to confirm it really is my account.
Luckily I now have everything that's important.
My BS detector is at defcon 5. I'm betting this is a current or former boyfriend attempting to gain access to a account. Likely to do what has said to have happened.
Please see my current replies. I don't think I have an ex boyfriend who would be capable of this, morally or intellectually, I tend to have a type thats generally sh*t with computers like me haha
> Not kidding - How do we know you are not the hacker ?
I think usually it's obvious for someone who can see the account's recent activity. You can also design challenge-response type questions for the person claiming the account, that only they could know, within some reasonable confidence interval.
If he had any purchase history, address, real name (combined with govt ID), or phone number in their account history perhaps those would be means of authentication? Authenticating the true owner of a hijacked account is hardly impossible or even very hard. Google knows who people are without them even having to log into an account from their relentless hoovering of data.
We've been going through facebook recovery, it requires pictures of ID. Same way you do any KYC. They still have access to the phone that was connected originally as well but the attacker put in a swedish or belgium number (it says 046 but google shows belgium flag).
Yeah I am not sure, I assumed leading zero didn't matter. It had flag of belgium on google's screen but started with 046 which as you said, Sweden is +46. Maybe it's a Belgium number and starts with 046 and it hides country code.
They could just verify he knows the old password and controls the old phone number, and probably also has devices logged into or connected to the account.
Not kidding - How do we know you are not the hacker ?
In future please use 2F authentication otherwise there is really no way for anyone to tell who is the right owner.