If you suspect that a user account has been compromised or hijacked, use the checklist below to secure it. Work with affected users to complete the end-user Gmail Security Checklist.


Temporarily suspend the suspected compromised user account

  1. Suspend a user to prevent unauthorized access.
  2. Block access to G Suite by resetting the user's sign-in cookies.
  3. Investigate the potentially unauthorized activity and restore the account. You may also consider enrolling the domain in 2-step verification.
  4. Ask the affected user to review their recovery address and complete the Gmail security checklist.


Revoke access to the affected account

  1. Follow the steps in Reset a user's password.
  2. Revoke OAuth 2.0 tokens for the user.
    Some applications that use OAuth 2.0 authentication will stop accessing data after you reset a user's password. The user must log in with their account name and new password to receive a new OAuth 2.0 token.
  3. Block access to G Suite by resetting the user's sign-in cookies.
  4. Remove App passwords that have been created by the user.
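
The two procedures above can also be scripted. The following is an added example, not part of the original checklist: it builds the Admin SDK Directory API v1 requests in the order the steps are given and records what is being revoked for the investigation. The user address, the token and app-password listings and the temporary password are constructed sample values, and sending the requests with an authorised admin client is left to the caller.

```python
from urllib.parse import quote

BASE = "/admin/directory/v1/users/"

# Constructed sample listings, shaped like tokens.list and asps.list items.
SAMPLE_TOKENS = [
    {"clientId": "1111-example.apps.googleusercontent.com",
     "displayText": "Mail Sync Tool", "scopes": ["https://mail.google.com/"]},
]
SAMPLE_ASPS = [{"codeId": 3, "name": "Old IMAP client"}]


def containment_plan(user_email, tokens, asps, temp_password):
    """Return (requests, evidence) for one suspected-compromised account.

    requests: [(method, path, json_body_or_None), ...] in checklist order.
    evidence: what is about to be revoked, kept for the investigation.
    """
    user = BASE + quote(user_email, safe="")
    sign_out = ("POST", user + "/signOut", None)  # resets sign-in cookies
    requests = [
        ("PUT", user, {"suspended": True}),       # suspend the user
        sign_out,
        ("PUT", user, {"password": temp_password,  # reset the password
                       "changePasswordAtNextLogin": True}),
    ]
    evidence = []
    for t in tokens:                               # revoke OAuth 2.0 tokens
        cid = t["clientId"]
        requests.append(("DELETE", f"{user}/tokens/{quote(cid, safe='')}", None))
        evidence.append(("oauth", cid, t.get("displayText", ""),
                         tuple(t.get("scopes", []))))
    requests.append(sign_out)                      # cookies again, per step 3
    for a in asps:                                 # remove app passwords
        requests.append(("DELETE", f"{user}/asps/{int(a['codeId'])}", None))
        evidence.append(("asp", int(a["codeId"]), a.get("name", ""), ()))
    return requests, evidence


if __name__ == "__main__":
    reqs, ev = containment_plan("jane.doe@example.com", SAMPLE_TOKENS,
                                SAMPLE_ASPS, "TEMP-PLACEHOLDER-change-me")
    for method, path, body in reqs:
        print(method, path, "" if body is None else sorted(body))
    for item in ev:
        print("revoked:", item)
```

The evidence list is worth saving before the DELETE calls run, since a revoked grant no longer appears in the token listing afterwards.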


For the full checklist on administrator security, see: Administrator security checklist