I received an alert from Google about an unauthorized sign-in to my personal Google Workspace account. As the admin of this account, I checked the logs and found that the IP address associated with the sign-in matches my workplace. However, I was off work that day and my laptop wasn't there; I've only ever logged in with my work laptop on that Wi-Fi. I'm trying to figure out whether this was a technological issue or if someone at work might have gotten access to my password. How can I understand what's actually going on? I've already reached out to Google's help line, but they haven't been helpful.
4 Answers
Just a heads up, check if the alert really came from Google. There can be phishing attempts that look like they're from Google, trying to get you to hand over your login details. In most cases, sign-ins are either authorized or failed, so unauthorized sign-ins might be a red flag for a phishing attempt. Change your password immediately and set up MFA just to be safe.
First thing's first, change your password and definitely set up multi-factor authentication (MFA). You could spend a lot of time trying to trace this and might not get anywhere, so securing your account should be your priority.
There are a couple of possible reasons for this: 1) You might have been connected to your work’s VPN from home, which can make the sign-in seem like it’s from your workplace IP; 2) Someone at your work could have logged in without you knowing; or 3) The alert might be delayed from a sign-in you made the day before. It's unlikely that this is just a tech error causing Google to alert you for a sign-in that didn’t actually happen. Best to assume your password is compromised and enable two-step verification.
Got it, thanks! I’ll switch to MFA right away.
Google's support isn't likely to provide more than what you've already received. I'd lean towards a possibility of a VPN usage or a proxy at work being the cause of the sign-in. Better safe than sorry!
Yes, I checked and it was confirmed by Google. Maybe I misspoke earlier.