Hi. Two years ago I received a phone notification from gmail that a sign-in attempt was blocked. someone from another country use my password to log in,but google blocked the attempt.
At that moment I was very busy and forgot to change the password and went on with my life. (I am not sure if I receive a promt to say that it was or not me).
Is it a chance that that person have remained passive and follow my emails,drive,youtube and the whole packet from google these years?
I didn’t have 2FA. Just my password.
I checked with haveibeenpawned and it says ok. Did you know how that person find my password(it wasn’t weak)?