top | item 47056472

Tell HN: Attackers using Google parental controls to prevent account recovery

23 points| TazeTSchnitzel | 12 days ago

Someone I know just had their Google account compromised, but the normal recovery methods don't work for an interesting reason: the attacker has made the account into a "child" account subordinate to an attacker-controlled "parent" account. This apparently blocks the ability to use any of the Google account recovery methods (backup phone number or email address etc) without parental consent.

Apparently this person I know isn't alone, if you search you can find other people reporting they've been victims of this. And of course, Google support is nonexistent for ordinary users, so there's no real recourse. Let this be a warning about the consequences of ill-thought-out "child safety features"?

4 comments

muzani|11 days ago

I wonder if there's some hack here where you set yourself up as a parent account for a non-existent child so your account can't be childed.

ifh-hn|11 days ago

Let this be a warning of using a Google account for anything important full stop. Same for Microsoft, Apple, or any of the big tech companies.

Jeremy1026|11 days ago

So, what is your proposed alternative? Roll your own everything? Put your trust in a dozen small companies with no reputation?