My Google Account was hacked, now I'm back up everywhere except my Linux machine

Ubuntu Support Template

Ubuntu Version

24.04.3 LTS

Desktop Environment (if applicable):

KDE Plasma

Problem Description:
I fell for one of those G_dD____d “invitation” messages supposedly from my sister and by the time I realized it, I had already given them my email address. A few minutes later, my Google account was gone. Using my wife’s computer I was able to reinstate it and have been busy scrubbing every bit of data (passwords, etc.) that were saved to Google servers. Of course I changed my Google password too. I am trying to get back up, successfully so on my iPhone and an Android tablet I have (from which I am typing this).

Now though, I find I cannot access the internet from any browser on my Linux box. My default browser is Chrome but, somewhat surprisingly to me, I cannot bring up any web pages in Firefox either. I can ping stuff like www.google.com and also do nslookup. So what do I do now? This is on a home network with a Google Nest router. No firewall or proxy has been set up on my network. What could be happening here?

Relevant System Information:
Screenshots or Error Messages:

What I’ve Tried:
Reboot does not help.

I haven’t yet tried rebooting my router because that would seem to be ruled out as my iPhone and my tablet connect successfully through it.

curl www.google.com works.

Update:
Here is an interesting factoid:

In an attempt to try anything at all, I decided to try to install another browser:

sudo apt install konqueror
It is being downloaded but at an agonizingly slow rate of speed! This seems to indicate that my Google Nest router has put some sort of block on my Linux box?

Update 2:
I decided to check my router from the Google Home app on my iPhone. Very weird results: Although it connects to my home network, it finds NONE of my devices, only my main router and my secondary access point. I have turned cellular data off on the iPhone to determine whether there is a wifi connection to the router. The Google Home app works just as half-assedly as it did with cellular data on, so there is connectivity TO the router but apparently not THROUGH the router.

Before Posting:
Please check if similar issues have already been reported and resolved.

OK. I’ve determined that this isn’t a Linux issue at all.

It was a Google issue. Once Google realized that my account had been compromised, it shut down my Google Nest router.

I spent a couple of hours trying to get to “tech support” - a chat-only service - I’d tried to get them to call me, the robo-voice told me to press 1, which I did, after which it said I’d made no response. After three such “attempts” it hung up on me. So it was chat or nothing. At least it wasn’t AI chat.

Finally I got to chat with a knowledgeable-enough human, who eventually confirmed that Google shut down my router until it could confirm that my account was secure. Why the heck is Google in charge of whether my account is secure??

After maybe half an hour of this, I had an epiphany. I no longer wanted Google in charge of MY home network. I always hated the Nest router and its app-only management interface. Inside of two hours, I drove to Best Buy, parted with $250 for their two-router mesh system, drove home and set the thing up. It’s working.

I told Google I wasn’t interested in pursuing the issue further, that I was very angry with Google for putting me in this position, and that I would be buying a new non-Google router. She was very sympathetic with my situation and supportive of that.

Yes, I now have to change all my passwords and all that but I am capable of that and in charge of that, thank you very much for nothing, Google.

Why wouldn’t Google be in charge of that? It is, after all, their platform.

You might not be aware that Google is a favourite target of hackers and scammers. It’s a humongous problem, and Google has been taking tremendous effort to thwart them (with some success). Of course Google is concerned that your account was hacked. That’s a good thing, not a bad thing — in my experience, most big tech companies don’t care.

For future note, please go through all of your Google security settings. While there, ensure that you enable 2FA; print and keep safe your backup codes; check that your recovery email and recovery phone are up-to-date and verified; and, if you understand how passwordless authentication works, turn it on (“Skip password when possible”).

1 Like

I’m saying the following:

  1. If Google was THAT concerned about keeping me safe they would provide decent tech support instead of chat. They would not offer “phone support” set up deliberately to pretend that I wasn’t responding to their call-back robocalls, when, in fact, I was.
  2. It is outrageous that they would disable my router until I talked to their “security experts”. It was far easier and well worth the expense to buy a new router that they did not control. Given the weakness of Google Support that would have taken days without internet access instead of hours.
  3. The Google Nest routing system seeks to take control of all the “Internet of Things” devices I may install. I deliberately have few of these. I recently purchased a full suite of new kitchen appliances. None of them need to have WiFi access, and I don’t find this particularly useful. I never set these up. For a couple of devices, where I find it useful, I do set up WiFi access. I don’t want this functionality, for the most part but the Google Nest system is geared to that.
  4. I have always found the phone-app-only control for MY home network to be outrageous. Why no web console? I am capable of managing my own network and the “user-friendliness” they provide just gets in my way.
  5. I do have 2FA installed and will look at securing my account further, following your suggestions. But I don’t want my email address and my home network to be connected so tightly.

I would also add that I see a big difference between concern with the security of my GMail account and concern with my entire Internet access; their presence in both the email market and the home router market allows them to control both. I saw no problem with their shutting down my email account until my bona fides could be proven; I had a BIG problem with their shutting down my access to the Internet through my router. If they are going to do that, then they have a strong obligation to maintain a decent level of customer support, which as I showed above, they do not do.

One final point I’ll make comes from a friend with a network management background and I think it points to the real problem with Google’s routers: a user has one password for everything Google, including their routers. If the hacker can somehow manage to get the user’s password he can get into the router as well as the user’s data. This may justify Google’s cautiousness in regard to its routers but the solution is to have different passwords for them. They don’t, so by buying a non-Google router and taking my Google router offline, I am helping Google protect the Internet.

I’m curious as to how this relates to an Ubuntu technical/support issue from the beginning?

Regardless of it being marked solved this is simply nothing more than you screwing up.

This should’ve never been posted here to begin with, your only issue was with Google. This had absolutely nothing to do with Ubuntu or any OS for that matter.

3 Likes

Well, that’s unduly harsh.

You are correct that this ultimately proved not to be an Ubuntu issue as I said in my second post.

Initially, it seemed as though it might be, since the symptoms only appeared at first on an Ubuntu machine. But since other users felt the need to defend Google’s handling of the situation, and I disagreed, I responded. And if people continue to attack me for posting, I will continue to respond. I have no other desire to prolong this.

If the admins want to close this, I have no objection.

That tells me that you haven’t set up your security properly. If you have done so, a hacker would not be able to get hold of your account even with the password (unless you download malware, in which case all bets are off).

I’ve already given you instructions to improve your security. You can go one step further by getting a FIDO security key — you’ll need at least three for redundancy — in which case, even with malware, it makes things harder for a hacker.

1 Like

You may be right and I was only speculating. I have no idea what actually occurred here on the backend other than from what I saw: within half an hour of my replying to the hacker’s message with my email address, Google began shutting my account down. I was then on a Google Meet call with my son and that connection went away in the middle of it. By using my wife’s computer I was able to get my account reinstated with Google and it worked on all computers except my Ubuntu box. I was able to recreate the Google Meet Call on the Android, not on the Linux box. Rebooting Ubuntu did not help. I never got that box to access Google correctly until I replaced the router, which I was thinking of doing anyway before all this happened, and then it worked immediately.

Do you have any speculations that would explain these symptoms? My suspicion at this point is that something looked fishy to Google and they shut down my account and my Google Nest router. I got the account back set up but not the router.

I’d not heard of FIDO before you mentioned it, so I looked it up. I am in the middle of a lengthy process of creating new passwords for all my stuff so I was intrigued by your reference - wouldn’t it be nice to avoid all of that?

But the references I looked at are all designed for a corporate setup with network admins controlling everything. I am a retiree and we’re talking about a Linux box, an Android tablet, and an iPhone on a home network. Do you have any links for setting up FIDO in such an environment? And finally, how would this work if, say, I’m trying to access my GMail from someone else’s computer?

Thanks for your input. I find the discussion interesting even if it is a bit off-topic for this site.

I do. As I mentioned earlier, Google is somewhat paranoid about hacking, and for good reason — hackers and scammers love Google accounts (I don’t know why), and left unfettered, they create and steal millions upon millions of them to use to scam people.

The hacker must have started to use your account to try to hack your router (among other things), and the automated systems closed it down for protection. Failing to do that would have left your entire network at serious risk; the hacker could, for example, install themselves as a middle-man to spy on your online banking accounts.

In the Google Security settings > ,

Sorry, I pressed the wrong button before completing my reply!

In the Google security settings > Passkeys and security keys, you can add a new security key. The most famous one is Yubikey, but there are others such as Titan. As long as it’s FIDO-compliant, it will work.

You need at least three, because if you have only one and you lose it, you will lose access to your account!

I’m sure that there are YouTube videos showing how to use security keys for a Google account. I don’t use a physical security key, as I use my phone instead (but I also have backups in case the phone is unusable or unavailable).

> The hacker must have started to use your account to try to hack your router (among other things), and the automated systems closed it down for protection. Failing to do that would have left your entire network at serious risk; the hacker could, for example, install themselves as a middle-man to spy on your online banking accounts.

This makes sense but for one thing: After reinstating my Google account, I was able to do that Google Meet call on my tablet, whose only Internet connectivity was through the router. So they didn’t shut the router completely down.

I also remember the messaging from Google earlier upon reinstating my account before the Google Meet call: it said my account was restored on my iPhone and Tablet; significantly, it did not mention my Linux box. However, that device’s connectivity to Google came back by itself once I replaced the router. It’s an interesting puzzle to determine why this set of circumstances occurred.

I’ve unmarked my second post as the solution as the question has morphed. Those users who objected have a point. When I originally posted it, the question was basically "how can I get my Ubuntu system back working with my Google account." I “solved” that problem by buying a new non-Google router.

But questions remain in my mind and are now these:

  1. Why, when Google reinstated my account after the initial hack, did they restore my Account on my iPhone and Android Tablet, but NOT on my Ubuntu box? There was specifically a message to that effect that listed only the phone and tablet as having been restored, which was true. Is Google less trusting of Linux as a source of hacks? Or something about the architecture of the Linux WiFi system?

  2. If the router had been marked “suspicious” by Google, why did they allow access through it by my phone and tablet?

  3. Why, once the router was restarted, was all access from any device blocked?

I don’t think that we here can answer on behalf of Google. They obviously had their reasons; either a solid reason based on cybersecurity research, or a mistake.

1 Like