(Data from https://haveibeenpwned.com)
In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers. The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular hacking forum. Impacted data included 229M unique email addresses, IP addresses, names, usernames, genders, DoBs and the geographic location of the customer.
My email and password were leaked and so my account was hacked on the 3rd of January. A new Google Ads account was created (again just like people in other threads with the same problem I have never used it before) and personal data was changed to an Indonesian address. A new Credit card was added (not mine). No campaigns were created with it. What really drives me crazy is how the hacker managed to bypass my 2FA. No mails, no notifications, nothing (The changes in the account were apparently made somewhere around 3 AM when I was sleeping). Also the time zone and main currency of the account were also set to Western Indonesian Time and IDR (Indonesian rupiah) accordingly, which makes all products in Google Play and some other sites appear in that currency. Google says that this can’t be changed and a new account with a new time zone and currency settings has to be created(which won’t happen because I have too many important things bound to my current mail). Can someone really help because I can’t find an answer anywhere, even though there are a lot of posts related to my same issue.