New
#1
Google Account Hacked
Hello, me and my wife are facing a serious issue in Google account. About year ago, we accidentally found out when we were checking her Google account security that some "Samsung" phone was in the list of her devices. She doesn't have Samsung phone. We of course forced it to sign out and changed her Google password into very strong one. We also enabled all the security measure we could (2 factor authentication, Google prompt, SMS approval and etc). We thought, we finally did out best, but seems like I was wrong. Three days ago, she received email from the Google that said this:
"New sign-in into your linked account. Your google account was just signed in to from a new OnePlus 3T device. You're getting this email to make sure it was you. Check activity."We checked activity and in devices, we see that there's some OnePlus 3T phone which we don't have. I again, forced it to sign out, changed password again (but previous password was already very strong). I also clicked on "show IP address", and I was very surprised to see our IP address there. I'm not very good in network, so I asked in another forum too and people told me that someone might be penetrating our router and that's how he hacked her account since it showed same IP address as our computers. Now, about routers in my house: We have two routers. One, main is ZTE brand that was provided by my ISP that is source of Internet and we also have another one - TP-Link which is a wireless router and acts as an access point. My computer and TV gets Internet through that router, however my wife's computer and my mother's computer get Internet through the main router. I entered in the panel of TP-Link router. It had default username and password (admin/admin). I changed it into strong username and password and I also upgraded it's firmware and I also changed our WIFI password into strong one. I also talked to my ISP. He told me if attacker attacked our router, he would attack that TP-Link, not that ZTE, however my wife's computer gets Internet from the main one and she is also using Google Chrome profile in my computer too, so she is logged into her Google account in her computer, in my computer and in her phone.
I am thinking how this person could hack her Google account. He didn't change anything, he just logged in, but what is weirdest thing in all this that when her Google account was logged in with those phones, we never got notification in her phone to approve login. When you enable 2 factor authentication and Google prompt in your account and when you try to sign-in in your Google account from the new device, you get notification in your phone and you can approve or reject that login there. She NEVER received such notification in her phone, so this person bypassed this somehow. I have no idea how is this possible. I also don't know for sure from where attacker made this attack, through router or maybe from some application in her phone or computer? But if he would do it from these sources, how he had our IP address?
I don't know what to do. Any advices? The only thing I have in my mind is to buy longer cable and connect her computer to the Internet through my second router (TP-Link), which I secured much better yesterday? I think it's a good idea, yeah? What else I can do? I tried to contact Google support about it, but they don't have support, just some useless articles that don't tell me anything new I don't know.