How Google can steal your account

Something I thought could not happen has just happened. Google has stolen one of my accounts and it seems impossible to get it back.

I have (had) one account I use for a single, important, service but never post from. Having multiple accounts allows you to better organize your communication so it has been a good choice.

Yesterday I decided to connect Thunderbird to that account, using IMAP, but my password did not work. Hmm. Strange. So I went to a browser to try to log in and was met with a message that the account had been locked because of an unusual attempt to log in. Using IMAP apparently triggered one of Google's systems and they locked my account.

Have you ever tried to unlock a locked account? I had not, so to me it was all a new experience. First I got to answer my security question. Ah, problem. I don't use security questions since they allow someone to social engineer my account. Ok, it was possible to skip that one. Good. Next they asked for people I contacted from that account. Hmm, none, since I only received mails there, without sending anything. None was not an option, so skip that one as well. Next they asked what other services besides mail were connected to that account... Ehhh, well, you can guess it. None. So skip that one too. Finally, "when was the last time you logged in and when did you create the account". Aha, real data! So when did you create your accounts? I tried searching through logs and I think I figured it out. At least when I created the account. Next! And then I got the answer. The data did not match. What data? I don't know. Were the dates off by a day? I tried a few other combinations. Tried to enter the email addresses of the people that have mailed me there. Nothing helped.

Apparently an account used like mine did not have enough information for the automatic security bots to handle. This was a job for a real human. With one of those brains. So off to Google's support pages looking for how to contact a human. It is not easy, but finally I found an official email address. Phew. Off with a mail with as much data as I could possibly think of to prove the account belonged to me (except for the password of course). Better yet, it only took a few minutes for the reply to come. Translated:

Please note that e-mail sent to the address support-se@google.com can't be read or handled due to the large number of requests.

Apparently I'm not the only one that has been screwed by Google and needs them to take action. Is this even legal? How do the police contact Google? How do the tax authorities contact them (just in case they were to actually pay taxes)? Why do they post an email address on their support pages that they will not read?

Last, very desperate, attempt: I work with people at Google, helping them (and us) with things, and I asked them if they knew anyone that worked with accounts, but none did. I do not know them well enough to know if they just did not want to get involved or just were not able to help, but I suspect that they are as powerless as I am.

So basically I have the account name and the password. A combination only I know in the whole world, and I have done nothing wrong. Google will still not let me access the account, which means that I have at least temporarily lost access to the important (yes, money is involved) service. Ah, you say, you should have entered a security question. No, that is a terrible idea for security and Google themselves have stopped using them, except for old accounts, proving me right.

Lessons?

  • Google are evil in the way that they care nothing for humans, only about data and money.
  • Use mail servers you control or at least pay for (except for Google Apps, paying for that gives no service, only access to a few admin web pages).
  • Always keep a backup of everything you store in a Google account.
  • If you are forced to use a security question, treat it as a secondary password because you might be forced to use it even though you have done nothing wrong.

Note: This post is hosted by Google and they will probably somehow make money from it all the while laughing their asses off. Like a true evil overlord.

Edit: Added two links for the "taxes" part.
