Strange Google Account Access

amlothi

Member
SoSH Member
Jan 5, 2007
581
According to my Google account access history, a new device (Samsung Galaxy S 4) was added to my Google account about 1 week ago. Google shows that the SGS4 accessed my account 4 times the same day - no other access since. The IP address Google shows for that device matches the IP address of my home internet. This is all very strange because:
  1. We do not own a Samsung device of any sort and have never owned an SGS4. 
  2. I have had 2-factor authentication enabled on my account for years. 
  3. I was home at the time, and my phone (which I use to get the 2-factor codes) was with me during the times my account was accessed.
Has anyone see this before? Any explanation? How concerned should I be?I've already changed my account password and double checked my security settings, but I cannot explain this. There is no option in my Google account settings to remove or revoke access to this device.
 
 
 
I'm concerned about this because I've seen strange Google-related app/game charges on two of my credit cards dated yesterday, including one card that is not linked to my Google account at all. Both charges are pending, so the credit card companies won't do anything yet.
 
One other piece of info that might just be a strange coincidence: We have a family member visiting who does have a Galaxy S 4 and has been using our wifi. I've never used that device, but our guest has been using it for ~ a month at our home. Is it possible that Google somehow linked this device to my account accidentally for one day and one day only, even though it's been used other days? FWIW, it only shows on my Google account on not my wife's account.
 
 

SumnerH

Malt Liquor Picker
Dope
Jul 18, 2005
27,085
Alexandria, VA
Is your wifi password the same as your Google account's password, or is there some other way that the guest might have accidentally learned and used the Google password?
 

amlothi

Member
SoSH Member
Jan 5, 2007
581
sibpin said:
To remove device access: Devices & Activity. Don't think Google would link that guest's phone to your account without logging in on it.
 
Yes, that's where I saw the device being added. It appears my other devices can be removed here, but not this one. There's a note saying it will show for 2 weeks. Perhaps it's a safety mechanism that I can only remove it after 2 weeks. That way someone who hacks an account can't remove their device immediately afterwards to cover their tracks? I'll check back after 2 weeks and try to remove it then.
 

amlothi

Member
SoSH Member
Jan 5, 2007
581
SumnerH said:
Is your wifi password the same as your Google account's password, or is there some other way that the guest might have accidentally learned and used the Google password?
 
Not the same as the wifi password or any other password I use. It's a complex (capitals, numbers, symbols) password > 15 characters in length. It's not written anywhere but in my head. They would have needed to guess that, plus somehow sneak access to my phone for the 2-factor code without my knowledge. 
 
This guest is someone with minimal tech ability - can just about make phone calls, text, and play solitaire - and also completely trustworthy. No sign of my account being added to their phone either - I checked. 
 
My best guess at this point is that the SGS4 that shows on my account is a mistake somehow, and the credit card charges are coincidental.