first 10 minutes: crisis mode
Disconnect Google session
Go to myaccount.google.com/device-activity and sign out all other devices immediately (if you still have access).
Check channel permissions
YouTube Studio → Settings → Permissions. Remove any unknown users (especially "Owner" or "Manager").
Revoke connected apps
myaccount.google.com/connections – remove any app you don't recognize that has YouTube scope.
🎬 access & brand accounts
- If you're locked out: Start at accounts.google.com/signin/recovery. Provide previous passwords, recovery email, and the date you created the account. This works for YouTube as well.
- Brand accounts trap: YouTube channels can be linked to a Brand Account. Check if your channel is a Brand Account – recovery is separate. Go to settings → "Advanced settings" → see "Brand Account".
- Recovery time: Google may take 3–5 business days to verify identity. Prepare proof (ID, channel description, original videos).
Hidden: If you ever connected a Brand Account, try recovering it directly at brandaccount.google.com/recover.
- Hidden managers: In YouTube Studio → Settings → Permissions, attackers often add themselves as "Manager" or "Editor". They can delete videos even without full Google account access.
- Deleted videos: Check "Content" → "Trash". Videos stay there for 60 days. Restore them immediately.
- Community tab: Attackers may post phishing links. Review and delete any unauthorized posts.
Official YouTube hacked channel flow: visit youtube.com/hacked – this is Google's dedicated form for creators. It will ask for channel URL, verification steps, and may require a video selfie or ID.
🎯 creator‑level threats (things most don't know)
- Attackers change AdSense payout settings. Check earnings.google.com – verify bank account and PIN.
- They may have added their own payment method. Remove unknown cards.
- Hackers sometimes claim your videos using stolen copyright. Check "Copyright notices" in studio.
- Review "Music" section for any unauthorized assets.
- If you used YouTube API, attackers might have stolen API keys. Go to console.cloud.google.com/apis/credentials and regenerate keys.
- Check for unauthorized bots commenting via your channel.
🔒 after you're back in
- Change Google password – use a strong, unique one.
- Enable 2FA – prefer Google Authenticator or hardware key.
- Check recovery phone/email – remove attacker's info.
- Review security events at myaccount.google.com/security-alerts.
- Private videos: Attackers may have changed your videos to "private" or "unlisted". Check visibility settings.
- Subscriber list: They sometimes unsubscribe real subs and add bots. Use analytics to spot anomalies.
- Blocked words: Check community settings for added profanity filters that hide comments.
things hackers do that you NEVER check
- Live stream redirects: Attackers set up fake live streams pointing to crypto scams. Check "Live" tab in studio for any scheduled streams you didn't create.
- Playlist manipulation: They add scam links to your playlists. Review all public playlists.
- End screens & cards: Attackers can add malicious links to end screens. Check "Editor" tab.
- Automatic translations: They change titles/descriptions in other languages. Review all metadata.
- Check AdSense for unusual activity – they may have redirected revenue.
- Review "Transactions" page for any payout changes.
- Monetization can be disabled by hackers – re‑enable after recovery.
- Hackers sometimes upload illegal content to get your channel terminated. Check "Channel status" for strikes.
- If you received a strike, appeal immediately with proof of hack.
YouTube‑specific: SIM swap risk
If your phone number was used to reset your Google account, you may be SIM swapped. Call your carrier, set a port‑out PIN, and remove your phone number from 2FA – use an authenticator app instead.
Contact carrier fraud dept
Enable Advanced Protection