I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.
Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.
That said, what really happened here?
Become a Patron of Ask Leo! and go ad-free!
Cracked passwords
We can’t know for sure what really happened here, but Google probably wouldn’t notify you unless there was a real concern that somebody logged in with the correct password, and I’d treat it as such.
The issue is that there are constant attempts to access accounts. Most go unnoticed because they’re on the server side of things, a side of the internet you probably don’t see.
I, on the other hand, do manage servers and email accounts for some of my domains and I see this constantly. In fact, I see so many login attempts across so many email addresses that do and don’t exist that it’s actually quite frightening. Fortunately, I’ve taken several security steps on those servers to make sure that none of those bogus attempts are successful.
Basically, people who do this organize very slow, but extremely persistent brute force attacks where they’re taking random, best-guess, or common passwords and just trying to login to see what works.
Like I said, that’s happening all the time. Because you’re not receiving any notifications normally, you can assume with this recent message from Google that something reached a threshold. Somebody probably got your password correct.
Whether that really happened or not, it’s best to assume that they really did.
First things first
Change the password. In fact, review the article that I wrote awhile back, “Email hacked? The 7 things you need to do now.”
You may not need to do all of the things I recommend since Google blocked the login and the individual presumably did not get in. Nonetheless, the things in that list are worth paying attention to now because it’s possible that somebody may have had your password.
There’s also the possibility that it wasn’t really from Google, but a phishing attempt. (http://glossary.askleo.com/phishing/)
I get such things all the time, supposedly from my bank, credit card, etc. etc. etc. (Though I must admit I’ve never gotten something like the original message being asked about.)
Of course, unless you know it’s a phishing attempt, changing your password might not be a bad thing, anyway.
Scroll all the way to the bottom of your inbox and click on “details”.
There is an option there to sign out of all other sessions.
I travel a lot, and I get these warnings every time I am in a new city. I get them when my PC trys to autolog me into Google. Because it tries 3 times, I can get 3 such messages. It doesn’t mean that anyone actually got into my account, because Google blocks even me. I then have to walk through their verification steps in order to access my Google account. I’m sure it does stop a lot of hackers, but so do strong passwords. I use 14 or more characters in my passwords, and I just find Google’s “anti-hacking measures” an annoyance.
I have received several of these notifications while researching replacements to iGoogle (www.google.com/ig). Apparently some of the services I tested are hosted outside of the US, thus prompting Google to sent verification emails. In my case, I was the culprit.
If you haven’t already done it I would also activate Googles two step verification by installing Google authenticator on your phone, Its a really great security feature!
Bingo — if you’re using a Google account, enabling two factor really is a MUST!
For those who need more info — here’s a full rundown on enabling Google two step authentication.
http://www.groovypost.com/howto/google-two-factor-authentication-roundup/
It’s really misleading sometimes. I received an email from 1 of my yahoo emails that was hacked. Itried to login but got blocked and to identify myself (i was the suspicious login from my reg home computer). When I got in and after changing passwords etc I checked the logins and they were from the Phillipines. I did not receive any reports of suspicious activity from those logins…. Why?
Yahoo and Gmail are different companies with different programming for their email programs. It makes total sense that Yahoo would not behave in the exact same way as Google and gmail. It could be that they don’t offer that service.
Not all services report suspicious logins. In fact most do not.
Somebody made a log in into my gmail and sent an email and made it appear that it was me who made it. But it wasn’t me. How is this possible when it is only me and my wife knows my password for my gmail account. Is it true that email can be accessed by anyone and send emails and make it appear that you are the one sending it because that is your email?
Email can be made to look like it came from you, even if it did not. This does not require any special access to your account.
How do I know if my google account and password has been hacked and what to do
This article may help with that: https://askleo.com/how-do-i-tell-if-my-email-has-been-hacked/
Well, I got the same message and got in to the account to change password and saw the suspicious device was from USA when i’m in Europe and did a whois lookup from the devices IP, couldnt believe it….
It was google inc itself?
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2015-11-06
Ref: https://whois.arin.net/rest/org/GOGL
Yesterday I received a similar alert, and it really freaked me out. I started wondering how could someone have known my password (and it was something like “P4!.s5w0?/rD;443”). I couldn’t use a two step verification on that account, cause it was an old account and my current account was connected to it and receiving all the mails from it. It turned out the alert came from Google Inc., and it looks as if it was their own software and servers that caused a false alert while my new account was trying to connect to my old account to receive mail via POP3?
I just received an alert from Google saying someone that has my password and connected to my account was blocked. The IP in question is 157.56.23.8.
It’s from MICROSOFT ?!?!?!?!
https://whois.arin.net/rest/net/NET-157-54-0-0-1/pft?s=157.56.23.8
Is it possible that since I let my Hotmail account access all my other email accounts and retrieve emails from them that it’s being reported as a false positive or something like that?
I mean if Hotmail scans my gmail account and/or other providers for new messages, it might show up as being in the USA (I’m in Canada) since Hotmail or Outlook servers must probably be in the States?
Does it make sense that this could just be a false positive.
Of course this never happened before, so why it happened just now is beyond me.
my name is Takele Feyisa .then i rest my email passwords. at this time my emails very nessasry to my life please tell me or send me my passwords .thank you. my Email {removed} my passwords rest.
We cannot recover hacked accounts, lost or forgotten passwords. Please see this article for more information on your options:
http://ask-leo.com/would_you_please_recover_my_password_my_account_has_been_hacked_or_ive_forgotten_it.html
I received a message that someone used my password
My google email account totally disappeared. Went through the steps Google listed to recover but none of steps even recognized my email address nor password, nor my cell. Does Google delete accounts that are inactive for a given time period? Sent email to Google via their website but did not receive an answer. My email address is complex and password even more so thus would think it would be difficult to hack. Any ideas or suggestions? Thanks.
Yes GMail and most, if not all, free email providers eventually close un-accessed accounts and make those address available for others. You can try opening a new account with that name to see if it is still available. Any emails sent to that address previously will still be lost.
I believe several months of inactivity could result in the account being disabled, and then deleted after some more time.