The Great Google Ads Hack of 2025 [E190]
Wed Feb 04 2026
Thanks to our Partners, Shop Boss and AppFueled
December 16th, Shop Marketing Pros’ Google Ads MCC was hacked — and what should’ve been a quick fix turned into an eight-day nightmare of lost access, fraudulent campaigns, and even attempted $500,000 account “preload” charges. Brian Walker and Hallie Wasinger lay out the full timeline (warts and all): what the hackers changed, why leaving them “view-only” mattered, how Google support handled it, and what it took to restore and stabilize dozens of client accounts. If you run Google Ads (or hire someone who does), listen all the way through for the hard-earned security upgrades and practical steps to protect your MCC and your shop’s payment methods.
Show Notes with Timestamps
Podcast Introduction (00:00:00) Brief intro to the podcast, hosts, and episode topic.The Google Ads Hack Begins (00:02:20) Timeline and discovery of the hack on December 16th, 2024, at around 2:30 AM.Immediate Response and MCC Explanation (00:03:11) How the hack was discovered, initial response, and what a Google Ads MCC is.How the Hack Happened (00:05:39) Discussion of phishing, weak Google 2FA, and how hackers gained access.Scope of the Breach (00:06:47) Number of affected accounts, types of accounts, and initial impact.Contacting Google and Early Damage (00:07:29) Brian contacts Google by 4:50 AM; minimal damage at this stage.How Hackers Maintained Access (00:10:15) Hackers downgrade admin access to view-only, allowing continued monitoring.Timeline to Regain Access (00:11:16) Hack occurred December 16th; access restored December 23rd after eight days.Tracking the Hackers’ Actions (00:12:15) Team tracks every change made by hackers during the eight days.Hackers’ Motives and Ad Spend (00:14:48) Hackers run fake medical device ads, spend about $15,000, and attempt large charges.Massive Unauthorized Charges (00:17:16) Multiple $500,000 and $50,000 charges attempted; client reactions and reversals.Client Communication and Stress (00:20:04) Notifying clients, handling overdrawn accounts, and emotional impact.Controlling What They Could (00:22:02) Accepting limited control, focusing on communication and tracking.Escalating to Authorities and Senators (00:22:48) Filing complaints with FBI, DHS, and contacting senators for help.Disconnecting LSA Accounts (00:24:35) Quickly disconnecting Local Services Ads to limit further damage.Impact on Client Businesses...
More
Thanks to our Partners, Shop Boss and AppFueled December 16th, Shop Marketing Pros’ Google Ads MCC was hacked — and what should’ve been a quick fix turned into an eight-day nightmare of lost access, fraudulent campaigns, and even attempted $500,000 account “preload” charges. Brian Walker and Hallie Wasinger lay out the full timeline (warts and all): what the hackers changed, why leaving them “view-only” mattered, how Google support handled it, and what it took to restore and stabilize dozens of client accounts. If you run Google Ads (or hire someone who does), listen all the way through for the hard-earned security upgrades and practical steps to protect your MCC and your shop’s payment methods. Show Notes with Timestamps Podcast Introduction (00:00:00) Brief intro to the podcast, hosts, and episode topic.The Google Ads Hack Begins (00:02:20) Timeline and discovery of the hack on December 16th, 2024, at around 2:30 AM.Immediate Response and MCC Explanation (00:03:11) How the hack was discovered, initial response, and what a Google Ads MCC is.How the Hack Happened (00:05:39) Discussion of phishing, weak Google 2FA, and how hackers gained access.Scope of the Breach (00:06:47) Number of affected accounts, types of accounts, and initial impact.Contacting Google and Early Damage (00:07:29) Brian contacts Google by 4:50 AM; minimal damage at this stage.How Hackers Maintained Access (00:10:15) Hackers downgrade admin access to view-only, allowing continued monitoring.Timeline to Regain Access (00:11:16) Hack occurred December 16th; access restored December 23rd after eight days.Tracking the Hackers’ Actions (00:12:15) Team tracks every change made by hackers during the eight days.Hackers’ Motives and Ad Spend (00:14:48) Hackers run fake medical device ads, spend about $15,000, and attempt large charges.Massive Unauthorized Charges (00:17:16) Multiple $500,000 and $50,000 charges attempted; client reactions and reversals.Client Communication and Stress (00:20:04) Notifying clients, handling overdrawn accounts, and emotional impact.Controlling What They Could (00:22:02) Accepting limited control, focusing on communication and tracking.Escalating to Authorities and Senators (00:22:48) Filing complaints with FBI, DHS, and contacting senators for help.Disconnecting LSA Accounts (00:24:35) Quickly disconnecting Local Services Ads to limit further damage.Impact on Client Businesses...