I received Google's "Suspicious sign in prevented" email, and verified that it is legitimate, and this is definitely not my login attempt. I immediately changed my Google password, however, the email is very light on details, and it is not clear whether my password was in fact compromised, or someone just tried to login with a wrong password (e.g. nothing to worry about).
My Google password is not guessable, not used anywhere else, not written anywhere, not known to anyone else, so if someone knows it this means I've got a keygen or some other malware on one of my computers.
So, does anybody know what Google's tried to use an application to sign in to your Google Account
actually means? What kind of a credential (password, OAuth token, etc.) was compromised, if any?
Best Answer
Reading from your question, I would say that your password isn't compromised. As Google has stated, it was an attempt by the hacker to gain access to your account, and Google identified it as suspicious and prevented it from continuing. This does not necessarily mean that the hacker has gotten hold of your password and all the contents in your email.
You can check the recent login details at the bottom of your inbox page to see where you have logged in to your account. Most likely in this case it would just show details of your own computers and no one else's. Of course, if you see something different and you are certain that you have never logged in from that computer before, sign that specific session out and change your password.