Today I received this scary email entitled "Suspicious sign in prevented":
Someone recently tried to use an application to sign in to your Google Account, ... We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:Tuesday, July 10, 2012 4:18:41 PM GMT
IP Address: 18.104.22.168 (spcsdns.net)
Location: Bethesda, MD, USA
If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at http://support.google.com/accounts?p=reset_pw
If this was you, and you want to give this application access to your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_loginSincerely,
The Google Accounts Team
After checking my public IP (of course I know it by heart, but just in
case =)) and making sure that it is not even close to
22.214.171.124, I decided to change my password.
But after a cup of coffee and some thoughts, the identity of a mysterious hijacker was exposed - it was myself. To be exact, it was my recently bought Android phone acting on my behalf. When I stepped out of my apartment to buy coffee, it switched from WiFi to mobile network data connection and tried to fetch some emails.
The only thing that I don't understand, is why Google linked the phone's IP with suspicious domain and location, while other IP locators, such as ip2location.com, had no problems identifying it as belonging to the SPRINT network.
Anyway, changing your password from time to time is not a bad idea =). I'll think of it as a test alarm that will make me prepared for real threats.