Welcome to WebmasterWorld Guest from

Forum Moderators: buckworks & eWhisper & skibum

Message Too Old, No Replies

My Adwords account was hacked

7:39 pm on May 3, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 8, 2005
votes: 0

Today I noticed that one of my ads was not running, it was showing an ad of a different affiliate.

I thought it was because the competitor increased the maximum cpc for that keyword so I increased it on my account.

A few hours later my keyword was still not showing and I decided to use the Ads Diagnostic Tool and it said something like "I didn't had an active ad group for that keyword".

I found that strange so I clicked the support button planning on sending an e-mail but then noticed that the Chat was available.

I explained the situation to the Chat specialist and he told me that the destination url for that ad was changed today.
I told him that I didn't change it and when I checked it I saw it was not my URL, I didn't know what that was. It was pointing to a different domain, to a framed page which was showing my ad and on the bottom frame it loaded some kind of a trojan!

To make things worse Google specialist told me that all my ads were edited today!

Every single one of my currently running ads URL was changed to this website's pages from 00:40 until 01:29 and I only noticed it at 10 o'clock.

I paused all my campaigns, changed my password (I admit it was weak in terms of security).

Now I have to change my links again meaning I will lose all my history (I had campaigns running without changes over a year now) which will bring my higher costs no doubt.

I have whois info of the owner of the domain.

What should I do?
- Contact Google and ask for the IP addresses of the logins to my account?
- Contact this guy's host and explain what he did?
- Try to track down the sponsor he's using in his website?

Your advice would be greatly appreciated.

Best regards,
Ricardo Ferreira

7:52 am on May 4, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 18, 2006
votes: 0

I guess is difficult to catch the hacker now because you have alerted him by changing your password and modifying back the ads.

Correctly, the Google support specialist should advise you not to change anything yet so that they can catch the hacker red-handed when it tries to login again. Now I'm afraid Google will find it resource intensive to locate the intrusion from all their server logs. However, you should still insist google IT security dept to look into this matter urgently.

If you are in US, you may wish to file a report at [ic3.gov...]


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members