Courses Book Blog Newsletter About Jyll Contact

How to Protect Your Google Ads Account - And What To Do If You Get Hacked

google ads Feb 19, 2026

By: Jyll Saskin Gales, Google Ads Coach

Imagine waking up at 3:00 a.m. to one of the worst phone calls a digital marketer can receive: Your Google Ads Manager Account (MCC) has been hacked.

For Adina Z at Napkin Marketing, this wasn't a "what-if" scenario. Despite having two-factor authentication (2FA) and allowed domains enabled, hackers managed to infiltrate her agency’s account—an account that had been a Google Partner for over a decade. Similarly, Alex Melen of SmartSites shared that it took only three minutes for hackers to remove all his employees and clients from thousands of accounts.

If you think your account is hack-proof because of a password or 2FA, it’s time to think again.

 

How Sophisticated Hackers Are Seizing Google Ads Accounts Today

Hacking isn't just about weak passwords or fake domains anymore. We are seeing a new wave of sophisticated "shell" attacks.

The Audit Phishing Scam

Marc Walker, Founder at Low Digital, highlighted a common entry point: a genuine-looking email requesting an account audit. The hacker sends an access invitation with perfect Google branding. When you click "Accept," you are redirected to a page that looks exactly like a Google login.

As you type your password, the hackers mirror it on the real Google site. When Google sends a 2FA prompt to your phone, the fake site asks you for it. You tap the number on your real phone, thinking it’s for your login, but you’ve actually just handed the keys to the hacker.

 

NEW: The Multi-Party Approval Security Feature

Since recording my latest Inside Google Ads podcast episode about this topic, Google released a very welcome major security update that every agency needs to know about: Multi-party approval (MPA).

This feature acts as a "two-key" system for high-risk changes. When MPA is enabled, sensitive actions—like adding new users, removing existing users, or changing user roles—require a second administrator to verify the change before it goes live.

How it works:

  • When a high-risk change is initiated, all eligible admins receive an in-product notification.

  • The second admin has 20 days to approve or deny the request.

  • If no action is taken within 20 days, the request expires and the change is blocked.

This is a massive step forward in preventing a single compromised admin account from taking down an entire MCC. Still, there are some small but important steps you can take to ensure it never needs to go this far.

 

How to Keep Your Account Safe from Hackers - Do This Now!

While new features help, your manual habits are your first line of defense.

  1. ALWAYS log in to Google Ads using this method, and nothing else: Never search for "Google Ads login" or click links in emails. Instead, log into your Gmail, Google Workspace email or Google Calendar first. Click the "nine dots" (Google Apps icon) in the top right, and select Google Ads from there.

  2. ALWAYS grant access from within the Google Ads interface: If someone requests access to your account, don't click the email link. Log in via the Safe Method mentioned in step 1, then go to Admin > Access and Security, and manage requests directly within the platform.

  3. Audit Your Admin Access: Reva Minkoff, Founder at Digital4Startups Inc., suggests that clients should always have admin access to their own accounts. This provides a "back door" to kick out a compromised manager account if needed. You should check in on your Access and Security on a quarterly basis if you're a business owner, and on a monthly basis if you manage Google Ads on behalf of clients.

     

What to do if your Google Ads Account gets Hacked

If you find yourself compromised, persistence is your only tool.

  • Be Loud: Josh Day, Head of PPC, notes that persistence is 100% necessary. Contact support daily through multiple threads.

  • Billing Protection: If you pay by credit card, cancel it immediately. However, as Craig Skalko of Lost & Found Marketing notes, if you use monthly invoicing, you cannot simply "stop" the charges. You will have to document everything and fight for a refund later.

  • Communicate Immediately: Tell your clients the second you suspect a breach. It is terrifying, but it allows them to remove your access and protect their own accounts before the damage spreads.

  • ...but please do not contact me! I already receive a lot of messages from business owners and agencies who want my help recovering a hacked account. While I sympathize with the struggle you're in right now, there is nothing I can do to help you personally! Everything I know is included in this article, and I will keep this article updated as I learn new information that can help you.

 

If you do get hacked, do not blame yourself. These hackers are professionals, too.

Stay vigilant, use the new Multi-party approval features, and always use the "Safe Login" method. I'll keep this post updated as new information and security features become available.

Stay safe out there.

 

Free Google Ads newsletter

Join 8,000+ business owners and marketers discovering my secrets to Google Ads success. Subscribe now for proven tactics in your inbox every other Tuesday.

Jyll Saskin Gales

Google Ads Coach

Jyll is a Google Ads coach, consultant, teacher, content creator, author, speaker and podcast host. She worked at Google for 6 years and has helped optimize more than 10,000 Google Ads accounts over the last decade.

Book a call with Jyll

Recent Posts by Jyll

How to Protect Your Google Ads Account - And What To Do If You Get Hacked Feb 19, 2026
When to use Keyword Planner, Performance Planner, Reach Planner in Google Ads Feb 16, 2026
Is Google Ads Fighting You? Here is What Those "Limited" Warnings Really Mean Feb 16, 2026

Article Categories

All Categories account audit ad creative ad formats ads audiences b2b bidding budgeting competition ecommerce facebook ads gml2025 google ads google ads course google ads for beginners guest expert inside google ads jyll's strategies keywords lead generation metrics performance max sem seo study targeting tools video

Ready to master Google Ads once and for all?

I’m Jyll Saskin Gales, your Google Ads Coach. I worked at Google for 6 years, bringing the best of Google's insights and ad products to the world's largest and most sophisticated advertisers. Now, I’m a Google Ads coach, consultant and teacher, working with business owners, marketers, agencies and freelancers.

I founded Inside Google Ads to make Google Ads training accessible for aspiring and experienced practitioners. My signature Google Ads training program, Inside Google Ads, is the right fit for most business owners and marketers. If you have zero marketing experience and want to ensure you understand all the jargon and terminology first, Google Ads for Beginners will get you ready in just a few hours.

Feel free to contact me with questions.

 

Inside Google Ads

Become a Google Ads Expert. Let an ex-Googler show you how to make Google Ads work for your business. In this program you’ll learn insider tips for Google Ads success from Jyll, and get the confidence to handle any campaign, budget, or target independently and successfully. With more than 100 video tutorials, plus access to an exclusive live monthly meeting, Inside Google Ads is what you need to take your Google Ads campaigns to the next level.

$79.00 USD every month

Google Ads for Beginners

If you want to make money from Google Ads but you don't know where to start, this course is for you. In just 3 and a half hours I'll guide you step by step through everything you need to know to successfully launch your first Google Ads campaign, explained with clear & simple language.

$295.00 USD