89

Yesterday evening my android phone (Google Play Services app) asked me to log in again into my account due to "security changes" (I don't remember the exact wording used).

I double checked it was the real app and logged in again (I went through all the authentication steps, including 2FA through SMS that was automatically picked up by the app).

I then checked all my account activities and security settings, and found there were no signs of access or edits other than my own. Everything looked perfectly fine, including linked devices and apps.

Should I worry, or is this a random check by Google to see if my access from the phone is still valid? (Or maybe Google Play Services just lost an auth token and asked me to log in again?)


Example of sign-in request:

enter image description here

Franck Dernoncourt
  • 325
  • 2
  • 4
  • 14
BgrWorker
  • 1,941
  • 1
  • 11
  • 17
  • 43
    No idea, but saw the same... – Matthew Feb 24 '17 at 10:12
  • 5
    Same thing happened to me last night. If that is any consolation! I panicked and changed password and added 2FA (which I'd put off for way too long) – user2867314 Feb 24 '17 at 10:12
  • 6
    Same here. That really got me out of bed quickly this morning. – Arminius Feb 24 '17 at 10:24
  • 2
    Haha same. I realized that it probably was nothing to worry when another account using a different password asked me for a password too. – thel3l Feb 24 '17 at 10:27
  • This glitch has also resulted in Google WiFi and OnHub routers being reset. See also [this answer on Web Applications](http://webapps.stackexchange.com/a/103480/354). – ale Feb 24 '17 at 16:21
  • 2
    Cross-site dupe: http://webapps.stackexchange.com/questions/103479/why-did-i-get-a-theres-been-a-change-to-your-google-account-message-and-passw/103480?noredirect=1#comment90450_103480 – David says Reinstate Monica Feb 24 '17 at 17:44
  • So it appears that Google should do something like this intentionally to get people to enable 2FA, eh? – Wayne Werner Feb 24 '17 at 18:36
  • SMS isn't secure. Recommend using an authenticator app for 2FA. – Jeff K Feb 24 '17 at 22:48
  • 1
    I expect this widespread security action is likely related to [the cloudbleed bug](https://en.wikipedia.org/wiki/Cloudbleed), and is most probably precautionary on Google's part. – Steve-O Feb 25 '17 at 02:41
  • I had this happen on my account with 2FA already enabled, but not with my other account which does not have 2FA. – daboross Feb 25 '17 at 07:14
  • 1
    @Steve-O The security team who identified cloudbleed [say it is unrelated](https://bugs.chromium.org/p/project-zero/issues/detail?id=1139#c25) – Waddles Feb 27 '17 at 00:51
  • Side note: I noticed the design of this notification doesn't show me which app it is from. I almost entered my password into a screen that could have been from any random app, until I verified it by going back to the main menu and then specifically opening the Play Store. – user253751 Feb 27 '17 at 05:54

3 Answers3

86

Google says it's not a security problem and that you don't have to worry.

After investigation they issued a statement in the Google product forums:

What happened?

During routine maintenance [from 1pm to midnight PST yesterday], a number of users were signed-out from their Google accounts. This may have resulted in you being signed out of your account or seeing a notification about “A change in your Google account” or “Account Action Required.”

We hear your concerns that this appeared to potentially be phishing or another type of security issue. We can assure you that the security of your account was never in danger as a result of this issue. You can always learn more about the Security tools Google provides at www.google.com/safetycenter/

What should I do now?

First, try signing back in with your usual username and password at accounts.google.com. If you can’t remember your password or can’t sign in for another reason, recover your account here: g.co/recover.

Note that the statement only refers to this particular incident from around February 24th, 2017 which has affected many users and is likely harmless. But more generally, if Google is asking for a security confirmation or warning you about changed account details, you should take that seriously and review your security settings and recent logins - as you should do regularly anyways.

Arminius
  • 44,242
  • 14
  • 143
  • 138
9

Google released a statement earlier today, confirming that it was not a security breach. I found an article here

Here's their statement:

We've gotten reports about some users being signed out of their accounts unexpectedly. We're investigating, but not to worry: there is no indication that this is connected to any phishing or account security threats.

Please try to sign-in again at accounts.google.com and if you cannot remember your password, please use this link (g.co/recover) to recover your password. If you use 2-Step Verification, there may have been a delay in receiving your SMS code. Please try again or use backup codes.

thel3l
  • 3,394
  • 11
  • 24
7

If you're worried about the legitimacy of a login notification, i.e. if you suspect that the notification might actually be from a malware, then don't sign in on the password prompt on the notification bar. Instead, go to one of the Google Apps or System settings and trigger the login dialog from there.

Lie Ryan
  • 31,279
  • 6
  • 69
  • 93