A friend of mine recently had a problem with one of his Gmail accounts. The account was compromised. He was sure that he was using a strong, unpredictable password. I asked him if he had ever used the internet in public places. His answer was no. He also uses an SSH proxy, so this cannot be a man-in-the-middle attack using ARP poisoning.
I am not sure whether Google's password database was attacked and compromised or whether it was just an individual problem, but I wanted to check my Gmail account to see what security features Gmail has.
My friend understood his account had been compromised once he discovered a backup e-mail address on it that he knew nothing about.
The problem is that even though he can change the password, the current sessions would stay open. This is bad, since attackers can still read and send e-mail from his account.
After checking my Gmail account, I found the following:
As you see, Gmail tells us the last account activity by giving the login time.
If you click Details, you will see this screen:
There are 5 IPs listed here. Now you can check whether you see any unfamiliar IP. I saw one such IP there. I checked it on whatismyipaddress.com and was surprised that it was from NY. I have an iPhone, so when I am on the 3G network, I may be using a NY IP. However, it was listed as IMAP instead of mobile, which made me a little uncomfortable.
I used my iPhone to see whether it was using the same network number in the IP address field. Yes, it did! And I felt much better :)
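The check described above (is a listed IP inside a network I recognise, and does the access type match what I expect from that network) can be scripted. This is an added example, not part of the original post; the sample rows, the known-network list, the access-type labels other than IMAP and mobile, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample rows shaped like the activity details table:
# (access type, IP address, time). Addresses are documentation ranges.
SAMPLE_ACTIVITY = [
    ("Browser", "192.0.2.15", "10:02 am"),
    ("Mobile", "198.51.100.77", "9:40 am"),
    ("IMAP", "198.51.100.201", "9:12 am"),
    ("Browser", "192.0.2.15", "Yesterday"),
    ("POP3", "203.0.113.9", "Yesterday"),
]

# Assumption: networks you recognise, each with the access types
# you expect to see coming from it.
KNOWN_NETWORKS = {
    "192.0.2.0/24": {"Browser"},     # e.g. home connection
    "198.51.100.0/24": {"Mobile"},   # e.g. phone carrier
}

def review_activity(rows, known):
    """Return (row, verdict) pairs for every activity row.

    verdict is 'ok', 'unexpected access type' or 'unfamiliar IP'.
    """
    nets = [(ipaddress.ip_network(cidr), types) for cidr, types in known.items()]
    results = []
    for access, ip, when in rows:
        addr = ipaddress.ip_address(ip)
        verdict = "unfamiliar IP"
        for net, types in nets:
            if addr in net:
                # Known network: still check how the account was accessed.
                verdict = "ok" if access in types else "unexpected access type"
                break
        results.append(((access, ip, when), verdict))
    return results

def needs_attention(rows, known):
    """Keep only the rows that deserve a closer look."""
    return [(row, v) for row, v in review_activity(rows, known) if v != "ok"]

if __name__ == "__main__":
    for (access, ip, when), verdict in review_activity(SAMPLE_ACTIVITY, KNOWN_NETWORKS):
        print(f"{when:10} {access:8} {ip:16} {verdict}")
```

A row flagged as "unexpected access type" is the situation from the post: the address belongs to a familiar network, but the access type is not the one normally seen from it, so it is worth confirming which device or mail client produced it.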
There is a button at the upper left to sign out of all open sessions except the current one. This will make sure that we are now the only ones using this account.
I hope you enjoy these tips :)