{"id":721699,"date":"2026-04-14T15:00:30","date_gmt":"2026-04-14T12:00:30","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/"},"modified":"2026-04-14T15:00:30","modified_gmt":"2026-04-14T12:00:30","slug":"google-ads-mcc-hacked-heres-what-to-do-immediately","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/","title":{"rendered":"Google Ads MCC hacked? Here\u2019s what to do immediately"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a29750caa577\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a29750caa577\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Heres_a_look_at_how_an_MCC_hack_unfolds_what_attackers_change_once_inside_and_how_teams_can_recover_access_and_clean_up_the_damage\" >Here\u2019s a look at how an MCC hack unfolds, what attackers change once inside, and how teams can recover access and clean up the damage.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#How_we_were_hacked\" >How we were hacked<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#What_happened_after_the_hack\" >What happened after the hack<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Step_1_We_contacted_Google\" >Step 1: We contacted Google<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Step_2_Fill_out_the_forms\" >Step 2: Fill out the forms<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Step_3_Contact_clients\" >Step 3: Contact clients<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Step_4_Reset_billing\" >Step 4: Reset billing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Step_5_Check_change_history\" >Step 5: Check change history<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Best_practices_for_recovering_from_a_hack\" >Best practices for recovering from a hack<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Make_sure_clients_have_access\" >Make sure clients have access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Keep_your_MCC_clean\" >Keep your MCC clean<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Limit_team_access\" >Limit team access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Use_credit_cards_or_invoices\" >Use credit cards or invoices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Invest_in_relationships\" >Invest in relationships<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#How_to_prevent_being_hacked\" >How to prevent being hacked<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Start_with_a_clean_reset\" >Start with a clean reset<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Enable_2FA_and_allowed_domains\" >Enable 2FA and allowed domains<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Audit_and_limit_access\" >Audit and limit access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Enable_multi-party_approval\" >Enable multi-party approval<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Back_up_your_accounts\" >Back up your accounts<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Use_strong_passwords\" >Use strong passwords<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Invest_in_security_monitoring\" >Invest in security monitoring<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Stay_safe_out_there\" >Stay safe out there<\/a><ul class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><ul class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><ul class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/buradabiliyorum.com\/en\/google-ads-mcc-hacked-heres-what-to-do-immediately\/#Topics_on_this_page\" >Topics on this page<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 class=\"subhead\" itemprop=\"alternativeHeadline\"><span class=\"ez-toc-section\" id=\"Heres_a_look_at_how_an_MCC_hack_unfolds_what_attackers_change_once_inside_and_how_teams_can_recover_access_and_clean_up_the_damage\"><\/span>Here\u2019s a look at how an MCC hack unfolds, what attackers change once inside, and how teams can recover access and clean up the damage.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<div class=\"bialty-container\">\n<p>At midnight on Jan. 5, hackers took over our Google Ads Manager Account (MCC). We weren\u2019t alone. While it\u2019s hard to get an exact count, hundreds, if not thousands, of agencies have been affected by the hacks, in turn affecting tens of thousands of accounts.\u00a0<\/p>\n<p>While I wouldn\u2019t wish this experience on our worst enemy, having been through it, I have some insights that I hope can help you prevent the same experience from h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ening to your MCC account.<\/p>\n<h2 id=\"how-we-were-hacked\" class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_we_were_hacked\"><\/span>How we were hacked<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Despite having two-factor authentication (2FA) and allowed domains enabled, the hackers were able to get into our account via an employee\u2019s email address. It was clearly a targeted hack: the night of the hack, the hackers tried to get in via two other email accounts at our company before they succeeded with the third.<\/p>\n<p>While phishing or compromised passwords may have originally gotten them into the system \u2014 we still don\u2019t know which \u2014 we later learned that the account the hackers used had been compromised for months and that they had created their own 2FA that they had been using all along.<\/p>\n<p>Once they gained access to our account, the hackers removed everyone else\u2019s access to the MCC. They then changed the allowed domain to Gmail and granted access to over a dozen people. The hackers then created a new MCC in our company\u2019s name and invited most of our clients. Luckily, none of them accepted.<\/p>\n<p>In the few hours they were in the MCC, the hackers proceeded to create chaos. They removed all the users from some accounts and changed the payment method in others. They launched new campaigns on only a few accounts, yet somehow also attempted half-million-dollar credit card charges on two others (despite not running any ads in those accounts).<\/p>\n<div style=\"background: radial-gradient(circle at 30% 40%, rgba(184, 111, 255, 0.15), rgba(0, 169, 255, 0.15) 40%, #CDE8FD 70%); padding: 30px; width: 100%; max-width: 802px; color: #000000 !important; font-family: Arial, sans-serif; margin: 25px 0 30px 0; border-radius: 8px; box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1); position: relative; box-sizing: border-box;\">\n<div style=\"width: 100%; max-width: 100%; margin-bottom: 20px; text-align: left; padding-right: 20px; box-sizing: border-box;\">\n<div id=\"semrush-one-headline\" class=\"headline-responsive\" style=\"font-family: Oswald, sans-serif; font-size: 30px; font-weight: normal; margin: 0; color: #000000 !important; line-height: 1.2;\">\n        Your customers search everywhere. Make sure your brand <span style=\"background: linear-gradient(90deg, #D56EFE 0%, #068EF8 51%); -webkit-background-clip: text; -webkit-text-fill-color: transparent; background-clip: text;\">shows up<\/span>.\n      <\/div>\n<p id=\"semrush-one-subhead\" style=\"font-family: Roboto, sans-serif; font-size: 18px; font-weight: 300; line-height: 25px; margin: 12px 0 0 0; color: #000000 !important;\">\n        The SEO toolkit you know, plus the AI visibility data you need.\n      <\/p>\n<\/p><\/div>\n<div style=\"margin-bottom: 15px;\">\n      <span id=\"semrush-one-cta\" style=\"display: inline-block; background-color: #FF642D; color: white; height: 44px; border: none; border-radius: 5px; cursor: pointer; font-size: 16px; padding: 0 24px; font-weight: bold; white-space: nowrap; box-sizing: border-box; text-decoration: none; line-height: 44px;\">Start Free Trial<\/span>\n    <\/div>\n<div style=\"font-size: 12px;\">\n<div style=\"font-family: Roboto, sans-serif; font-weight: 300; color: #000000; margin-bottom: 4px;\">Get started with<\/div>\n<p>      <img loading=\"lazy\" width=\"400\" height=\"52\" decoding=\"async\" http: alt=\"Semrush One Logo\" style=\"height: 16px; width: auto; display: block;\" src=\"https:\/\/searchengineland.com\/wp-content\/seloads\/2025\/11\/semrush-one.webp\"><img loading=\"lazy\" width=\"400\" height=\"52\" decoding=\"async\" src=\"https:\/\/searchengineland.com\/wp-content\/seloads\/2025\/11\/semrush-one.webp\" alt=\"Semrush One Logo\" style=\"height: 16px; width: auto; display: block;\">\n    <\/div>\n<\/p><\/div>\n<style>\n  @media (max-width: 768px) {\n    .headline-responsive {\n      font-size: 30px !important;\n      line-height: 1.3 !important;\n    }\n  }\n<\/style>\n<h2 id=\"what-happened-after-the-hack\" class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_happened_after_the_hack\"><\/span>What happened after the hack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We were very lucky. The hackers were locked out within eight hours, and we regained access in just over a week. They spent only about $100 across the MCC. Neither crazy credit card charge went through. We were fully recovered from the hack within two weeks. How did we do this? Let\u2019s take a look at the steps we took.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-step-1-we-contacted-google\"><span class=\"ez-toc-section\" id=\"Step_1_We_contacted_Google\"><\/span>Step 1: We contacted Google<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When we were hacked, we im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely contacted our reps at Google. We\u2019re incredibly lucky to have wonderful Google reps with whom we\u2019ve built longstanding relationships, including one we\u2019ve worked with for over three years.\u00a0<\/p>\n<p>These long-term relationships helped, and our reps went to bat for us. They continued to put pressure on the support cases until they were resolved and helped connect us to the resources we needed. Not everyone has their own reps, but you can also take these steps on your own.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-step-2-fill-out-the-forms\"><span class=\"ez-toc-section\" id=\"Step_2_Fill_out_the_forms\"><\/span>Step 2: Fill out the forms<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Our Google reps immediately directed us to their \u201c<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/support.google.com\/google-ads\/answer\/9355975?hl=en\">What to do if your account is compromised<\/a>\u201d resource. From there, we filed <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/support.google.com\/google-ads\/contact\/compromised_account?sjid=10603470929865370888-NC\">Account Takeover Forms<\/a>, alerting Google to the hack. We were directed to file a form for each of our accounts that had been hacked.<\/p>\n<p>We first filed one for our MCC, even though the form, at the time, said not to use it for MCCs. It looks like that language has since been changed, which is great \u2014 don\u2019t skip this step. Getting back into the MCC makes it easier to resolve all issues, rather than having to file tickets and coordinate access for each account.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-step-3-contact-clients\"><span class=\"ez-toc-section\" id=\"Step_3_Contact_clients\"><\/span>Step 3: Contact clients<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At the same time, we directed any clients who still had access to their accounts to disconnect them from our MCC, and to grant access to a non-compromised email account. That way we were able to secure the accounts, work on them, and mitigate any damages immediately. We were also able to triage our accounts to figure out which we were still able to access, and which had no admins left with access.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-step-4-reset-billing\"><span class=\"ez-toc-section\" id=\"Step_4_Reset_billing\"><\/span>Step 4: Reset billing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Disconnecting from our MCC wound up being a very important step. That\u2019s because when our accounts were disconnected from the MCC, we were easily able to reset the billing by editing the payment manager and undoing all of the payment chaos that the hackers had created. We were then able to reconnect them without issue.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-step-5-check-change-history\"><span class=\"ez-toc-section\" id=\"Step_5_Check_change_history\"><\/span>Step 5: Check change history<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When we eventually did get back into the accounts, we immediately checked the change history, which we were able to do at the MCC level for additional speed. All the changes the hackers made during that time were there with time stamps, allowing us to put together a timeline of the hack and remediate any remaining issues.<\/p>\n<p><!-- START INLINE FORM --><\/p>\n<p><!-- END INLINE FORM --><\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-css-opacity has-cyan-bluish-gray-background-color has-background\">\n<h2 id=\"best-practices-for-recovering-from-a-hack\" class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Best_practices_for_recovering_from_a_hack\"><\/span>Best practices for recovering from a hack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>During all this activity, a few things were especially critical to our success in recovering the account and mitigating damage. Here\u2019s a quick rundown of best practices to keep in mind.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-make-sure-clients-have-access\"><span class=\"ez-toc-section\" id=\"Make_sure_clients_have_access\"><\/span>Make sure clients have access<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This isn\u2019t just a best practice, but something we believe should always be the case for ethical reasons. Having additional admins in the account let us regain access immediately, despite being locked out of the MCC, and remediate issues without losing time or momentum.\u00a0<\/p>\n<p>Google also pushed back on any access or billing changes that didn\u2019t have approval from an existing admin, so having people still in the accounts was critical.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-keep-your-mcc-clean\"><span class=\"ez-toc-section\" id=\"Keep_your_MCC_clean\"><\/span>Keep your MCC clean<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Remove old clients, and any other MCCs for tools you\u2019re no longer using. We didn\u2019t do this, and wish we had. We\u2019ve made it a best practice for our accounts moving forward.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-limit-team-access\"><span class=\"ez-toc-section\" id=\"Limit_team_access\"><\/span>Limit team access<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Make sure your team only has the minimum access they need. Standard access is great. Admin access should be reserved for as few people as possible. The compromised account belonged to a junior team member who didn\u2019t need admin-level access.\u00a0<\/p>\n<p>This isn\u2019t to say they wouldn\u2019t have gotten in through a more senior team member\u2019s account \u2014 as mentioned, they did try to get in through several before succeeding \u2014 but it would have mitigated risk.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-use-credit-cards-or-invoices\"><span class=\"ez-toc-section\" id=\"Use_credit_cards_or_invoices\"><\/span>Use credit cards or invoices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Never<strong> <\/strong>connect your bank accounts to your MCC. We\u2019ve heard of companies that have lost hundreds of thousands of dollars with this same kind of hack. Because our clients were all either on invoice or credit cards, the hackers couldn\u2019t quickly spend money in a way that hit their accounts.\u00a0<\/p>\n<p>As noted earlier, the credit card companies rejected the very suspicious half-million-dollar charges the hackers attempted to make, and notified the credit card holders. The clients we were invoicing were never charged, and everything was captured on the invoices before billing.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-invest-in-relationships\"><span class=\"ez-toc-section\" id=\"Invest_in_relationships\"><\/span>Invest in relationships<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It\u2019s important to invest in your relationships with your Google reps, and fellow agency owners. We remain incredibly grateful to all of the people who helped us, or even just commiserated with us along the way. This experience would\u2019ve been even more painful if we\u2019d had to go through it alone.<\/p>\n<h2 id=\"how-to-prevent-being-hacked\" class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_prevent_being_hacked\"><\/span>How to prevent being hacked<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For those who have yet to be hacked, congratulations! Let\u2019s try to keep it that way.\u00a0Here are some things you can do to make it much less likely that this will ever happen to your accounts.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-start-with-a-clean-reset\"><span class=\"ez-toc-section\" id=\"Start_with_a_clean_reset\"><\/span>Start with a clean reset<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Begin by kicking every single user out of your account, and have everybody on the accounts reset their passwords. Make sure you log everyone out of every session they were in on every device.\u00a0<\/p>\n<p>Our hackers were sitting around auto-logging in and keeping their sessions open for over two months prior to the night they took over the MCC. If we\u2019d forced a reset and logged everyone off, we would\u2019ve removed their access without even realizing it.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-enable-2fa-and-allowed-domains\"><span class=\"ez-toc-section\" id=\"Enable_2FA_and_allowed_domains\"><\/span>Enable 2FA and allowed domains<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Make sure there\u2019s only one 2FA per person. 2FAs that use authenticators or physical keys are better than pinging a device. The hackers had created their own 2FA to get into our employees\u2019 accounts, and we never even had an idea that it was happening.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-audit-and-limit-access\"><span class=\"ez-toc-section\" id=\"Audit_and_limit_access\"><\/span>Audit and limit access<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Make sure the minimum number of people have the minimum access they need to the MCC. This reduces your risk.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-enable-multi-party-approval\"><span class=\"ez-toc-section\" id=\"Enable_multi-party_approval\"><\/span>Enable multi-party approval<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Google rolled out this new feature quite recently to help prevent account takeovers. Essentially, the feature requires that a second admin verifies any big changes before they happen. If you\u2019d like to read up on this feature, here\u2019s a great guide introducing multi-party approval.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-back-up-your-accounts\"><span class=\"ez-toc-section\" id=\"Back_up_your_accounts\"><\/span>Back up your accounts<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You can copy and paste your accounts into your preferred spreadsheet app via Google Ads Editor. Make a habit of doing this periodically so that you\u2019ll always have a copy of how things were in case of a hack. With the backups, you can easily revert back if you need to.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-use-strong-passwords\"><span class=\"ez-toc-section\" id=\"Use_strong_passwords\"><\/span>Use strong passwords<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It\u2019s important to use unique passwords that aren\u2019t being used anywhere else. That way, if one site gets hacked, your MCC is still not at risk. We\u2019re still not sure how the hackers passed the initial password stage to be able to create their own 2FA.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-invest-in-security-monitoring\"><span class=\"ez-toc-section\" id=\"Invest_in_security_monitoring\"><\/span>Invest in security monitoring<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you want to be extra careful, invest in security software and\/or a cybersecurity expert to monitor your system. We have now done this, and it\u2019s been amazing (and scary) to see how many phishing attempts have already been caught in the six weeks since we did it.<\/p>\n<p><strong>A note for clients: <\/strong>If you\u2019re a client and another team is managing your Google Ads, do not accept any Google Ads MCC access requests that you aren\u2019t expecting. Please make sure you always know who and what you\u2019re giving access to. When in doubt, double-check with the team that is managing your account. A little caution can go a long way.<\/p>\n<div style=\"background: radial-gradient(circle at 30% 40%, rgba(184, 111, 255, 0.15), rgba(0, 169, 255, 0.15) 40%, #CDE8FD 70%); padding: 30px; width: 100%; max-width: 802px; color: #000000 !important; font-family: Arial, sans-serif; margin: 25px 0 30px 0; border-radius: 8px; box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1); position: relative; box-sizing: border-box;\">\n<div style=\"width: 100%; max-width: 100%; margin-bottom: 20px; text-align: left; padding-right: 20px; box-sizing: border-box;\">\n<div id=\"semrush-one-headline-bottom\" class=\"headline-responsive\" style=\"font-family: Oswald, sans-serif; font-size: 30px; font-weight: normal; margin: 0; color: #000000 !important; line-height: 1.2;\">\n        See the <span style=\"background: linear-gradient(90deg, #D56EFE 0%, #068EF8 51%); -webkit-background-clip: text; -webkit-text-fill-color: transparent; background-clip: text;\">complete picture<\/span> of your search visibility.\n      <\/div>\n<p id=\"semrush-one-subhead-bottom\" style=\"font-family: Roboto, sans-serif; font-size: 18px; font-weight: 300; line-height: 25px; margin: 12px 0 0 0; color: #000000 !important;\">\n        Track, optimize, and win in Google and AI search from one platform.\n      <\/p>\n<\/p><\/div>\n<div style=\"margin-bottom: 15px;\">\n      <span id=\"semrush-one-cta-bottom\" style=\"display: inline-block; background-color: #FF642D; color: white; height: 44px; border: none; border-radius: 5px; cursor: pointer; font-size: 16px; padding: 0 24px; font-weight: bold; white-space: nowrap; box-sizing: border-box; text-decoration: none; line-height: 44px;\">Start Free Trial<\/span>\n    <\/div>\n<div style=\"font-size: 12px;\">\n<div style=\"font-family: Roboto, sans-serif; font-weight: 300; color: #000000; margin-bottom: 4px;\">Get started with<\/div>\n<p>      <img loading=\"lazy\" width=\"400\" height=\"52\" decoding=\"async\" http: alt=\"Semrush One Logo\" style=\"height: 16px; width: auto; display: block;\" src=\"https:\/\/searchengineland.com\/wp-content\/seloads\/2025\/11\/semrush-one.webp\"><img loading=\"lazy\" width=\"400\" height=\"52\" decoding=\"async\" src=\"https:\/\/searchengineland.com\/wp-content\/seloads\/2025\/11\/semrush-one.webp\" alt=\"Semrush One Logo\" style=\"height: 16px; width: auto; display: block;\">\n    <\/div>\n<\/p><\/div>\n<style>\n  @media (max-width: 768px) {\n    .headline-responsive {\n      font-size: 30px !important;\n      line-height: 1.3 !important;\n    }\n  }\n<\/style>\n<h2 id=\"stay-safe-out-there\" class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stay_safe_out_there\"><\/span>Stay safe out there<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The good <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> is that Google knows about these issues, and is actively finding ways to tighten their systems to prevent hacks. In the meantime, I hope this article has helped make our loss your gain. With an ounce of prevention, you\u2019re likely to prevent a pound of pain.<\/p>\n<div class=\"ttd-topics-display\">\n<div class=\"ttd-topics-content\">\n<h5><span class=\"ez-toc-section\" id=\"Topics_on_this_page\"><\/span>Topics on this page<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<div class=\"ttd-topics-links\">Google AdsGoogleTwo-factor authenticationComputer securityGmailArtificial intelligenceDigital marketingGoogle AdSense<\/div>\n<\/div>\n<div class=\"ttd-topics-show-extra-button\">+4 more<\/div>\n<\/div>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/searchengineland.com\/google-ads-mcc-hacked-474172\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here\u2019s a look at how an MCC hack unfolds, what attackers change once inside, and how teams can recover access and clean up the damage. At midnight on Jan. 5, hackers took over our Google Ads Manager Account (MCC). We weren\u2019t alone. While it\u2019s hard to get an exact count, hundreds, if not thousands, of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":721700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/searchengineland.com\/wp-content\/seloads\/2026\/04\/Google-Ads-MCC-hacked-Heres-what-to-do-immediately.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-721699","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/721699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=721699"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/721699\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/721700"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=721699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=721699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=721699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}