Did Someone Log In to Google with My Password?

I just got this message in my Google email, “Someone recently tried to use an application to sign into your Google account.” The suspicious sign-in was in China, so apparently Google thought it might not be me and blocked it. What I want to know is did this suspicious sign-in actually use my correct password? Or did they just try to sign in with random passwords hoping to stumble across the correct one?

I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.

Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.

That said, what really happened here?


Cracked passwords

We can’t know for sure what really happened here, but Google probably wouldn’t notify you unless there was a real concern that somebody logged in with the correct password, and I’d treat it as such.

The issue is that there are constant attempts to access accounts. Most go unnoticed because they’re on the server side of things, a side of the internet you probably don’t see.

It's frightening, on the server side, to watch the constant attempts being made to brute force a way into email accounts. So it's safe to assume that if Google sent you a notification... someone got in!

I, on the other hand, do manage servers and email accounts for some of my domains and I see this constantly. In fact, I see so many login attempts across so many email addresses that do and don’t exist that it’s actually quite frightening. Fortunately, I’ve taken several security steps on those servers to make sure that none of those bogus attempts are successful.

Basically, people who do this organize very slow, but extremely persistent brute force attacks where they’re taking random, best-guess, or common passwords and just trying to log in to see what works.

Like I said, that’s happening all the time. Because you’re not receiving any notifications normally, you can assume with this recent message from Google that something reached a threshold. Somebody probably got your password correct.

Whether that really happened or not, it’s best to assume that they really did.
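An added example, not from the original article and not a description of Google's own system: a small detector run over constructed mail-server log lines that separates the two cases the question asks about, ongoing wrong-password guessing spread thinly over many addresses, and a sign-in with the correct password from a country the account has never used. The log format, the thresholds, and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): time, account, source IP, country, result.
# All addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2024-05-01T02:10:00 alice@example.com 198.51.100.7 US ok
2024-05-01T03:00:00 alice@example.com 203.0.113.5 CN fail
2024-05-01T09:40:00 alice@example.com 203.0.113.61 CN fail
2024-05-01T17:05:00 alice@example.com 203.0.113.90 CN fail
2024-05-02T01:30:00 alice@example.com 203.0.113.12 CN fail
2024-05-02T08:15:00 alice@example.com 203.0.113.33 CN ok
2024-05-02T08:20:00 bob@example.com 192.0.2.44 CA ok
2024-05-02T11:00:00 bob@example.com 192.0.2.44 CA fail
"""

WINDOW = timedelta(hours=48)  # long window: slow guessing hides from per-minute limits
FAIL_THRESHOLD = 4            # assumed threshold for this example

def parse(log):
    for line in log.splitlines():
        ts, account, ip, country, result = line.split()
        yield datetime.fromisoformat(ts), account, ip, country, result

def analyze(log):
    """Return {account: set of findings} for accounts that need attention."""
    fails = defaultdict(list)  # account -> times of recent wrong-password attempts
    seen = defaultdict(set)    # account -> countries with accepted sign-ins
    findings = defaultdict(set)
    for ts, account, ip, country, result in parse(log):
        if result == "fail":
            fails[account].append(ts)
            fails[account] = [t for t in fails[account] if ts - t <= WINDOW]
            if len(fails[account]) >= FAIL_THRESHOLD:
                findings[account].add("slow-brute-force")
        elif not seen[account] or country in seen[account]:
            seen[account].add(country)  # first sign-in or a familiar location
        else:
            # Right password, unfamiliar place: the case worth notifying the owner about.
            findings[account].add("correct-password-new-location")
    return dict(findings)

def max_fails_from_one_ip(log):
    """What a per-IP lockout would see: the most failures from any single address."""
    per_ip = defaultdict(int)
    for _, _, ip, _, result in parse(log):
        per_ip[ip] += result == "fail"
    return max(per_ip.values())
```

In the sample, no single address fails more than once, so a per-IP lockout never triggers, while counting per account over two days exposes the guessing and the later correct-password sign-in is reported separately.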

First things first

Change the password. In fact, review the article that I wrote a while back, “Email hacked? The 7 things you need to do now.”

You may not need to do all of the things I recommend since Google blocked the login and the individual presumably did not get in. Nonetheless, the things in that list are worth paying attention to now because it’s possible that somebody may have had your password.

22 comments on “Did Someone Log In to Google with My Password?”

  1. There’s also the possibility that it wasn’t really from Google, but a phishing attempt. (http://glossary.askleo.com/phishing/)

    I get such things all the time, supposedly from my bank, credit card, etc. etc. etc. (Though I must admit I’ve never gotten something like the original message being asked about.)

    Of course, unless you know it’s a phishing attempt, changing your password might not be a bad thing, anyway.

  2. Scroll all the way to the bottom of your inbox and click on “details”.
    There is an option there to sign out of all other sessions.

  3. I travel a lot, and I get these warnings every time I am in a new city. I get them when my PC tries to autolog me into Google. Because it tries 3 times, I can get 3 such messages. It doesn’t mean that anyone actually got into my account, because Google blocks even me. I then have to walk through their verification steps in order to access my Google account. I’m sure it does stop a lot of hackers, but so do strong passwords. I use 14 or more characters in my passwords, and I just find Google’s “anti-hacking measures” an annoyance.

  4. I have received several of these notifications while researching replacements to iGoogle (www.google.com/ig). Apparently some of the services I tested are hosted outside of the US, thus prompting Google to send verification emails. In my case, I was the culprit.

  5. If you haven’t already done it, I would also activate Google’s two step verification by installing Google Authenticator on your phone. It’s a really great security feature!

  6. It’s really misleading sometimes. I received an email from 1 of my Yahoo emails that was hacked. I tried to login but got blocked and to identify myself (I was the suspicious login from my reg home computer). When I got in and after changing passwords etc I checked the logins and they were from the Philippines. I did not receive any reports of suspicious activity from those logins…. Why?

    • Yahoo and Gmail are different companies with different programming for their email programs. It makes total sense that Yahoo would not behave in the exact same way as Google and gmail. It could be that they don’t offer that service.

  7. Somebody made a log in into my gmail and sent an email and made it appear that it was me who made it. But it wasn’t me. How is this possible when it is only me and my wife knows my password for my gmail account. Is it true that email can be accessed by anyone and send emails and make it appear that you are the one sending it because that is your email?

  8. Well, I got the same message and got in to the account to change password and saw the suspicious device was from USA when I’m in Europe and did a whois lookup from the device’s IP, couldn’t believe it….

    It was google inc itself?
    OrgName: Google Inc.
    OrgId: GOGL
    Address: 1600 Amphitheatre Parkway
    City: Mountain View
    StateProv: CA
    PostalCode: 94043
    Country: US
    RegDate: 2000-03-30
    Updated: 2015-11-06
    Ref: https://whois.arin.net/rest/org/GOGL

    • Yesterday I received a similar alert, and it really freaked me out. I started wondering how could someone have known my password (and it was something like “P4!.s5w0?/rD;443”). I couldn’t use a two step verification on that account, cause it was an old account and my current account was connected to it and receiving all the mails from it. It turned out the alert came from Google Inc., and it looks as if it was their own software and servers that caused a false alert while my new account was trying to connect to my old account to receive mail via POP3?

  9. I just received an alert from Google saying someone that has my password and connected to my account was blocked. The IP in question is 157.56.23.8.

    It’s from MICROSOFT ?!?!?!?!

    https://whois.arin.net/rest/net/NET-157-54-0-0-1/pft?s=157.56.23.8

    Is it possible that since I let my Hotmail account access all my other email accounts and retrieve emails from them that it’s being reported as a false positive or something like that?

    I mean if Hotmail scans my gmail account and/or other providers for new messages, it might show up as being in the USA (I’m in Canada) since Hotmail or Outlook servers must probably be in the States?

    Does it make sense that this could just be a false positive.

    Of course this never happened before, so why it happened just now is beyond me.

  10. My name is Takele Feyisa. Then I rest my email passwords. At this time my emails very necessary to my life, please tell me or send me my passwords. Thank you. My Email {removed} my passwords rest.

  11. My google email account totally disappeared. Went through the steps Google listed to recover but none of steps even recognized my email address nor password, nor my cell. Does Google delete accounts that are inactive for a given time period? Sent email to Google via their website but did not receive an answer. My email address is complex and password even more so thus would think it would be difficult to hack. Any ideas or suggestions? Thanks.

    • Yes, Gmail and most, if not all, free email providers eventually close un-accessed accounts and make those addresses available for others. You can try opening a new account with that name to see if it is still available. Any emails sent to that address previously will still be lost.
