Yesterday I got a notice from Google that someone had discovered my password for my secondary email, and tried to use it to log in. Thankfully, Google denied them as they were trying to log in with an unfamiliar/unverified device.
The password was randomly generated and saved via Last Pass, and the email address itself is less than two months old (as of this post) so needless to say, I'm a bit surprised by all of this. I've already changed the password, but I'm wondering what else, if anything, I could do to prevent this in the future. Any idea how anyone even could have gotten it?
Phishing? Did you click on any links and then type in the email? Scanned your computer for malware or keyloggers?
I'll go ahead and try another malware scanner, but that aside...
Phishing seems highly improbable; I've used the secondary email for all of two things: picarto and linking it to my primary gmail account (which didn't report any such problem). And the only times I so much as glanced at the password were when I had LastPass rangen it and its replacement.
Long shot, but: look at the certificate and make sure it's signed by Google's root authority.
I'm looking at the certificate, and I'm honestly not sure what I'm even looking for. Oddest thing I can discern is that the page info does not supply ownership information, and when I go to check the certificate, it says the OU is not part of the certificate, neither issued to nor issued by.
And on top of that, another login attempt was made just today (about an hour before this post), despite the new rangen password from Last Pass. The info Google provides feels confusing and unhelpful; saying the attempt was made in the United States (just "United States"), but when I do a lookup for the IP address, it tells me it's from Google Ireland.
I suppose the only bit of relief is that the login attempt was blocked, but it's still frustrating being told someone knows my randomly generated password. I went ahead and gave it a newer, longer rangen password, but it's starting to feel like an exercise in futility. I suppose I can be thankful I don't even use that address for anything, but it's still worrying.
You're looking for the chain, aka the certification path. You want to make sure it's signed by Google Trust Services.
Yes, it says that it was issued by Google Trust Services.
EDIT: So I'm beginning to think this is something on my end. When I set up the secondary email, I had it linked to my main email so I could check both without having to log in or out (because reasons, probably laziness). I tried link-checking it just now, and wouldn't you know it, I got another security alert because Google recognized the app (presumably Firefox) as "Less Secure." (I also got blocked from it because I upped the security settings a bit).
If this is true, gog I feel like an idiot.