Hi all,

We have recently noticed some un authroised changes on our MCC. These are done smartly and in small drops such as deletion of some adgroups and keywords.

We suspect an ex employee whom had the old login details. We contacted Google and they investigated the changes. They did mention that due to the person loging in by our main login details it may not be seen as unauthorised actions!

I want to know if Google can maybe track the IP address of the changes made at a certain time frame. I dont think so? We do know where the person is in the world. Problem is dynamic IPs and proxy servers I guess. It is seeminlgy very hard to prove a case.

Can anyone advise something, I am becoming relectant to take anything forward due to legal costs.

Please help!!!!

I would advise that you change your passwords from time to time, especially after an employee leaves. Google can give the IP info but likely will not unless you first initiate legal action against the former employee (or against a john doe) and then subpeona the info from Google.

<added> If you know who is the persons ISP you could also work from that end.

Thanks...

The problem I am having is proving the changes are unathourised! As they were done by my login Google have said it is my responsibility to have chnaged it. By doing reasearch all they seen is 'me' deleting a few adgroups etc. This is not solid evidence for sabotage. Also even if they give me the IP it can be fought against me that a proxy was used and the IP forged for the persons location! A very complicated and difficult case to win I think!

Got this emailed confirmation from Google:

"This is a follow up call to our recent phone conversation. In response to
your queries, I can confirm that we do not release information such as
the
IP address or location of users that access your AdWords account.
Furthermore, if a person has been given your account login details and
they login to the account using these login details even if against your
wishes, Google would not be liable to cover the costs accrued as
essentially this access was authorised when you gave the login
information
to that person. Google is a self managed programme and you have the power
to manage all aspects of your account, you can change the login email
and/or password at any time. If you believe you have given access
information to a person whom you no longer wish to be able to access the
account, we strongly recommend changing the login information"

So I would advise everyone to be really careful with your logins!

We certainly learned our lesson.

If you use different logins you can go to "Tools" and "My Change History".

If you have a company (e.g. an Advertising agency of any size) and use an MCC, it is HIGHLY recommended that you each have your own login to access the MCC. And obviously do not share your passwords.

This means that when a person leaves the company, you do not need to change all your Google passwords.

If you only have one MCC master login, you could still go to Tools and check the MyChange History, to see what damages this ex-employee has caused. You can view by changes to ad text, campaign settings, keyword bid changes, etc etc.

I'm suprised Google did not mention this to you.