1

How can I investigate a potential security breach on my Google account that was perpetrated via an unknown device that I do not own?

I just got a horrifying e-mail from Google that seemed to indicate I had been hacked: it led to a webpage stating that there was a "New sign-in on LG Nexus 5". I don't own an LG Nexus 5! I immediately scrambled to change all my passwords to protect myself because I didn't recognize that device, but how could I find out more about it? I was in fact logging into my account recently using a different device, just not a Nexus.

ShieldOfSalvation
  • 173
  • 1
  • 9

1 Answers1

2

I found out later that in fact the perpetrator was me and that Google had incorrectly identified a Samsung Galaxy Note 4 device of mine as an LG Nexus 5. To confirm this, in the "Security alert" e-mail from no-reply@accounts.google.com, I clicked "CHECK ACTIVITY", which brought up a webpage (the one titled, "New sign-in on LG Nexus 5") where I saw the alleged perpetrator's IPv6 address and the approximate time of the alleged breach. This perfectly matched my own login activity timeframe and my Note 4's IPv6 address as found in Settings | About phone | Status, under the heading, "IP address".

So it appears Google does in fact misidentify certain hardware models when informing you about potential security breaches, and that it's worth investigating the source of each security alert in case it's actually a false alarm like this.

I also found the following post relevant and useful: Google Account Compromised - Possible Investigation?

ShieldOfSalvation
  • 173
  • 1
  • 9
  • Might be worth reporting this to Google to avoid other people falling for the same thing. – Aide Dec 18 '18 at 06:50
  • 1
    Yes, I've reported it now. I clicked the three-dotted menu at top right of the "New sign-in on LG Nexus 5" page, selected "Send feedback", and posted the above StackOverflow Answer text. – ShieldOfSalvation Dec 18 '18 at 14:58
  • I just got the same message. The location is very close to me. My guess is I accidentally switched chrome browser to developers profile of LG Nexus 5 profile. – Iaroslav Karandashev Oct 29 '19 at 19:01
  • I also had a phone where I started the initial setup process and then reset it and started again. One of my attempts shows up as an unused “Nexus 5” in my activity. So I am pretty sure that “Nexus 5” is just the default device when Google doesn’t have the opportunity to run long enough on a device to load its actual model information. – binki Oct 20 '20 at 20:20