Earlier today my Google account was compromised from a chinese IP address and used to send 4 spam mails with multiple recipients, probably everyone in the addressbook on that account. Apart from feeling my privacy had been violated and having taken quite a hit to my pride from loking like an ass with a bad password (it wasn’t, actually, not stellar either), I now have gotten the kick in my pants needed to have all passwords in 1Password and managed through there.
The hacked account was only used for the things I can’t use my main Google Apps Pro account for, and was only set to forward mail and do nothing more, and that was how I discovered the problem, seeing a high number of mysterious bounces.
Logging in there was a fat dark red warning message along the top of the page that the account had been accessed from another IP than normal, and a link to click on with the details. It doesn’t seem I can get to that info again, and Gmail Help says that “Please note that we aren’t able to provide you with information about attempted logins to your account including, but not limited to, the IP address from which the attempted login was made, and the time and date attempted logins occurred.”
Oh well. Back to work with my new best friend; 1Password. Please consider doing something similar yourself before it’s too late.