I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.
Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.
That said, what really happened here?
Become a Patron of Ask Leo! and go ad-free!
We can’t know for sure what really happened here, but Google probably wouldn’t notify you unless there was a real concern that somebody logged in with the correct password, and I’d treat it as such.
The issue is that there are constant attempts to access accounts. Most go unnoticed because they’re on the server side of things, a side of the internet you probably don’t see.
I, on the other hand, do manage servers and email accounts for some of my domains and I see this constantly. In fact, I see so many login attempts across so many email addresses that do and don’t exist that it’s actually quite frightening. Fortunately, I’ve taken several security steps on those servers to make sure that none of those bogus attempts are successful.
Basically, people who do this organize very slow, but extremely persistent brute force attacks where they’re taking random, best-guess, or common passwords and just trying to login to see what works.
Like I said, that’s happening all the time. Because you’re not receiving any notifications normally, you can assume with this recent message from Google that something reached a threshold. Somebody probably got your password correct.
Whether that really happened or not, it’s best to assume that they really did.
First things first
Change the password. In fact, review the article that I wrote awhile back, “Email hacked? The 7 things you need to do now.”
You may not need to do all of the things I recommend since Google blocked the login and the individual presumably did not get in. Nonetheless, the things in that list are worth paying attention to now because it’s possible that somebody may have had your password.