I just got an email from Google saying that someone logged in to my account using some different email address!?

This got me pretty alarmed:

GoogleHackAttemptFullMail

I immediately checked the devices from which it was accessed but couldn’t see any different from what I use usually. Nevertheless, even though I use two-factor authentication, I changed my password immediately.

Now, has any one of you had a similar experience? I thought the “problem” could be related with Google ignoring the dot (.) in the email thus for example [email protected] and [email protected] would come to the same email address. But, someone used the added numbers 33, so this hardly would pass as the same use case.

Anyways, still kind of baffled about it, so would appreciate some insight from more knowledgeable users.

edit: I asked this question on another StackExchange site (StackOverflow is a part of StackExchange btw) called Web Applications and will see if I get some explanation  there.

edit2: The answer, as that usually is the case with StackExchange sites, came pretty swiftly. User Al E. responded:

It’s hard to tell exactly what you’ve got here. (I don’t speak or read the language. (Slovenian? Croatian?)) I suspect one of two possibilities:

  1. Someone logged in (or tried to log in) from an area where you usually aren’t. (I might get a message if someone tried to log in from China, when I’m on the East Coast of the U.S.)
  2. More likely, I think, is someone has set your email address to be their recovery email or alternate email, and probably by mistake

I think you’ve done the responsible thing. You’re already using two-step authentication and you’ve changed your password. This probably won’t ever come up again. I wouldn’t worry any more about it.

And my comment on it was:

Thanks for your answer. Sorry for not translating Croatian (very close guess btw!), but essentially what it says is that someone just signed in to my account [email protected], then some details and then the question with a link if I don’t recognize this activity. Since this email isn’t mine I’m inclined to thinking that the possibility 2 really is the case, be it intentional or unintentional. But yeah, I probably should have a peace of mind having changed the pass immediately and since I have a two-way auth enabled. Thanks for reassurance! –

Written by Nikola Brežnjak