Tip: Use Gmail’s built-in activity monitor to audit account security

One of my favorite aspects about Gmail is that Google goes above and beyond simple e-mail, having extra features not found in many other e-mailing services. One of these extra features is Gmail’s activity monitor.

Gmail’s activity monitor is a tool that monitors and logs who accesses your Gmail account (IP address + geographic location) and at what time the account was accessed; it also tells you from what device the account was accessed with (mobile, browser, etc.):

Using the recent activity log, one can easily spot if there has been unauthorized access to ones Gmail account – just look for erratic, unknown, or unusual IP addresses. If you find an IP address that does not belong to you – look at the very bottom of the page to see your current IP address – that may mean your account has been hacked.

Do note, though, that just because you find multiple different IP addresses accessing your Gmail account that does not necessarily mean your account has been compromised. You could have accessed your account using different Internet connections (i.e. your WiFi, your phone, your friend’s WiFi ,etc.) in which case IP addresses will differ; you may also be assigned a dynamic IP address from your ISP (most people do) so your home Internet’s IP address will change periodically, and that change may be reflected in the activity log.

To double-check and verify if your account has been compromised, IP addresses can be researched using tools IP tracing tools. These tools provide detailed information about IP addresses, allowing you to determine if the access to your Gmail account was legitimate – i.e. by you – or not.

While you can use any tool you want to research IP addresses, WhatsMyIPAddress is my personal favorite IP address-searching tool because it displays general and geographic information regarding an IP address, in a human-readable manner:

If you come to the conclusion your account has indeed been compromised, you can use the activity monitor to quickly change your password (pick a good one this time):

  • Click on Sign out all other sessions to ensure nobody but you is accessing the account at that moment:

Once you change your password, since you logged everyone out that was logged in, no one but you will have access to your account.

Four more things to note:

  • In addition to changing your password, if your account has been compromised you should consider changing your security question/answer and verifying your recovery e-mail address and phone number are accurate. If someone broke into your account, they also could have figured out the answer to your security question (or even changed the question/answer), and/or modified your recovery e-mail address and phone number. All three can be changed via Google account password recovery settings:

  • You do not have always have to manually access the activity monitor to view for suspicious activity. Gmail’s activity monitor has the ability to be set to automatically issue you alerts when it discovers odd access to your account:

By default the activity monitor is actually set to automatically issue you alerts; so you don’t need to turn it on yourself.

  • The activity monitor is accessible by clicking on Details at the bottom of your Gmail account’s page:

  • The activity monitor is available on regular Gmail accounts as well as Google Apps accounts.

While the Gmail activity monitor is no protection against hackers, it is an easy way to clean up the mess after the fact. *Cough* Gawker’ed *cough*

Have any other useful Gmail tips? How about tips regarding other e-mail services? Share with everyone in the comments below!

Thanks IainB!

Related Posts

  • Britney Spears

    Hi everyone,
    If you have concerns over your partner’s fidelity, improving your credit score, grade change or doubt your employee’s sincerity I am certain deephacking17 can help you get direct access into their phones and computers easily without their knowledge and within a specified time frame.
    This team of certified grayhat hackers helped me when I desperately needed to get evidence of my cheating husband’s extra-marital affairs. I was tired of being lied to and wanted a divorce, all thanks to them for their reliable services else I would never have been able to confront him with proof of his escapades

    If you need help don’t hesitate to reach them through their email (deephacking17-at-gmail-com)

  • dawn white

    KINDLY CONTACT cyberhackpros@gmail.com for any hacking basics

  • Chris Land

    HACKSERVICES41 at GMAIL dot COM is the best and only true hacker outhere…I can guarantee he is very competent and reliable…You can contact him

  • thomas phelan

    Hello everyone! i want to publicly appreciate the effort of secretrevealer04@gmail.com for helping me hack my partner’s
    phone without access to the phone and my partner did not figure or suspect anything,i want to recommend him for you all,
    he is fast and highly reliable…He would be willing to help you….Tell him i reffered yoU….Goodluck

  • Nora Mcnulty

    It is not so typical of me to refer professionals online but I feel like I owe a lot to cyberlaser who helped me track my cheating husband when he was having an affair, I got to find out that he has been lying to me for the past 5 months and seeing two other women. I was able to get direct access to his text messages, phone conversations and all social networks
    on his phone: what was most amazing was that his recently deleted messages were retrieved by cyberlaser. If you are getting less than you deserve in your relationship and want to be sure
    Contact : cyberlaser55@gmail.com
    SMS/call: (+1) 917-563-8226

  • Nora Mcnulty

    Hello Everyone, I am Nora and I want to use this medium to say cyberlaser55@gmail.com is the best out here. if you need hacking into a cheating spouse phone,email,facebook, etc..You really need cyberlaser55@gmail.com . I read a post by Charity Waller,she connected me with him he is a masterclass at this hacking jobs, its so discreet and interesting, tell him i referred you please..
    i promised i would help in any way since he did the same for me..SMS/call: (+1) 917-563-8226

  • Micheal Smith

    I have used Cyberhacksolutions quite a numberof times and he has never disappointed me..He does all types of mobile hack;get unrestricted and unnoticeable access to your partner/spouse/anybodies facebook account,email,watsapp,textmessages.He also makes changes in any database/website such as your college/university grades..Getting the job done is as simple as sending an email or text (CYBERHACKSOLUTIONS@GMAIL.COM) or +1 916 378 4978 Tell him i reffered you.He will help you

  • tracy lane

    Should you ever require the services of a hacker, i implore you to try your very best to hire only professionals. hyperhacktive1 @gmail .com will increase your chances of getting your job completed. i was able to hire the services of an elite, asides the fact that i was provided a permanent solution to the service he rendered me but he gave a very efficient customer experience. he carried me along with every process and didnt leave me in the dark.
    contact; hyperhacktive1 @gmail .com

  • Catherine Audrey

    I am so blessed to have known roughhack@gmail.com you are god sent.i really appreciate working with you after you helped me discover my husband was cheating on me and all he asked for was his email and phone number, that way I was able to access all the information I needed .i am not ashame to tell because i know alot of people need this too.you can hit him up on his email

  • rosc jackson

    Please cease from contacting these fake hackers who ripp you off u
    finally i got in contact with a friend in England
    who hired a man to do her private investigation on her man. she told me
    he might also be able to do my work so i contacted
    cyberappshacker@gmail.com they helped me hack into my husbands
    facebook smoothly, hacked into his emails and cell phone.the sweetest
    of all is that he shows proof and doesnt collect payment first. he works
    first then payment after, they chooses who they works for, mentioning my
    name would make him respond and treat you better as we are now close.
    Just tell him you are from me. He also does so many other hacks like
    facebook, whatsapp, bank, credit card, just name it

  • Ronald Shroedinger

    another massive scammer hackerethique@gmail.com advertises himself as Bruno Clement but in real,
    he is Troy Myers from Marietta, Georgia,US.
    scams people, by trying to sound very convincing online. also if you google the email address,
    you can find many comments from a certain user SOPHIE12, which has the same comments in all those websites.
    massive scammer, DO NOT TRUST him.
    hope he dies though

  • michelle

    hackerethique saved my life, I was in a custody battle situation with my two year old daughter and my alcoholic ex-husband. He continued to defy safety restrictions and court orders, and I was never able to catch him in the act. I was referred to hackerethique@gmail.com during my desperate need of evidence. He totally understood my situation and guided me every step of the way to put a tracker on my ex-husband’s phone where I could track him from his phone, see his text messages, social networks and even deleted messages and know exactly what he was up to directly from my phone. Tell him from michelle and he might help, he can hack anything

  • kevin

    Hi thanks for this information. Is there a way of getting an audit trail for a specific email within my Gmail account
    regards Kevin

  • someone

    I like the FlagFox firefox addon to provide me with is site down or me, my IP/info, WOT/Safe Site, and a whole lot more. I like the convenient access to those tools via right-click in URL field. You can add actions; don’t know if you can edit what’s already there but you can hide and add action to essentially replace.

    I’m curious how Google’s https works in terms of privacy. If you use https connection can they still log, track and provide (e.g. if ordered by law agency)?

  • alan

    Thank you for those links, especially http://isthatsitedown.com/
    I especially like the facility to paste a list of my favorite websites into the “Check Many Sites” page.
    I tested that and it worked;
    even including two instance of http://isthatsitedown.com/ never crashed it.

    Now all I have to do is create a file listing my favorite sites ! !


  • Dru

    @Tortuga: I’ve been trying to dig up a mail aggregator I read about recently. Not sure which it is, but it’s like Zimbra or Inbox.com. I think it’s a desktop client; I would prefer to stay away from a web service. I’m looking to pull Yahoo, Gmail, POP3, etc into one place. I’m concerned that forwarding rules may mean replies go back to my email account instead of sender.

    I’ve not used Thunderbird, but have a “someday maybe” project of migrating from M$ Office; at this point, Thunderbird is probably where I’d look first for email.

    I appreciate your observation that reducing email accounts has positive security impacts. I plan to go to all my online accounts and review what info I’ve got “out there”, change email address to one I’d use exclusively for online registrations/forums (not friends and family and not financials), and set long secure passwords. One nice thing about Outlook is I can pull in multiple POP3 accounts and can through rules auto-file based on account into separate folders. I’ll probably do that once I iron out this 3-account idea I’m kicking around.

    As an aside, I started using Lastpass today and I like it. I have been using Sticky Passwords from GOTD for a month or two and really like the functionality it provides. A huge help with setting better passwords!

    I’m not sure I can give you good feedback on your thoughts, but if I were managing many email accounts I would want to consolidate them (I can’t remember the last time I checked my Hotmail and Gmail accounts, and my Yahoo one languishes months between checks), and eliminate what I could. I defer to others to give you input on Thunderbird; I’ll be watching for those comments to help me with my “someday maybe” project.

    Cheers! Happy new year!

  • Tortuga

    @Dru: Hello Dru

    Well, 3 accnts!!? That would be great to have «only» 3 accnts!
    The way we set it up, we have 1 accnt per machine »» for Freebies /registrations & whatnot.
    Also have business & personal accnts.
    All in all its A LOT of stuff to check /verify / cleanup / keep up with /change security/ verify pwrds /… And we arent even on F8, Twitter and all that Social (waste of time) crap.

    And my husband doesnt like to do any of it, so guess who does it??!!
    Having hard time keeping head above water as they say *sigh*

    But as you say, FWding everything to 1 central location is a good idea, not only to manage it easier but also for security reasons. I’m thinking of redoing a new setup w Thunderbird soon.
    What do you think?

    See you around

  • Dru

    Maybe having 3 accounts would be a good idea? I think Ashraf mentioned somewhere he had more than one. I think I think maybe 3 accounts would be good: 1 for all secure stuff (banks, credit cards, etc), 1 for forums and registrations (may get spammed), 1 for friends and family. You can aggregate into one place by forwarding rules or 3rd party solutions (I came across one recently, forget the name, but it can pull together gmail, yahoo mail, pop3, and others).

  • Tortuga

    Hello Ash

    Thanks for reminding us to be more vigilant.
    I knew all that, but still hardly ever check.

    One thing we should verify regularly is GMail filters – and make sure all the filters are *our* filters.
    Have heard horror stories of people that had the accnt compromised, but the hackers only added/changed a couple of filters to redirect Bank info, statements, transactions, to their own acct.
    People w a long list of filters like my husband & I have, in several accnts, it will not be immediately apparent that anything has changed.

    On the other hand, if we do all we should do to be safe, we wouldn’t be able to do anything else:
    • Regularly change pwrds, for each accnt (eMail, bank, pin, access codes, … , … ) check all the logs, do security spot checks, check statements, balance the books, get deposits & all payments on time, get all paperwork done, …
    •And when one thinks its all done, hell no – Have to learn new ways to defend ourselves against new threats, and on and on and on it goes.

    It’s maddening – There is just *no* time to do it all!
    Phew, just thinking about it – I’m tired!!!

    Laters :)

  • Tortuga

    @alan: Hi there
    I use http://www.downforeveryoneorjustme.com & also http://isthatsitedown.com/
    Dunno if it helps, hope so.


  • alan

    It appears that http://WhatsMyIPAddress.com was not well yesterday and is far worse today.

    Other DNS providers are having problems with them today.

    I started the topic linked below, and from responses now understand that Google DNS ignore TTL problems and are more willing than OpenDNS to allow users through.



  • Ashraf

    @Dru: Well you can’t keep OpenDNS from knowing about you if you use them because you are routing all traffic through them, meaning even if you use a proxy the traffic is being routed through OpenDNS then wherever it needs to go. I honestly don’t recommend OpenDNS to people because of that potential privacy issue. I trust my ISP more than I trust OpenDNS.

    And trying to prevent your ISP from knowing who you are is like trying to buy a car without giving your name. Really isn’t going to happen. In fact, I would say trying to buy a car without giving your name is easier than trying to hide from your ISP.

    That said, I have heard Tor is a good way to protect anonymity, but I have never personally used it so I don’t know. One thing you should consider with Tor, though, is that it doesn’t magically protect your privacy. If I understand how Tor works, it routes traffic through Tor “nodes” voluntarily setup by people. Who is to say one of these people isn’t using their “node” as a way to mine the data of people who are routing traffic through it? Similar concept applies to proxies.

    Finally, trying to hide from Google is no longer a simple matter of not using their search engine. Thanks to Google AdSense, Google is everywhere on almost every website, including dotTech. To fight Google you 1) Need to stop using all their services and 2) Opt out of their ad cookies (see http://www.google.com/privacy/ads/) and 3) I am sure there are other things you need to do too.

  • Dru

    @Ashraf: Wouldn’t Tor, Ixquick, and proxies help prevent ISP, Google, and OpenDNS from knowing all about you? What resources do you recommend to learn more about this and practice safe computing in a world marked by growing surveillance/monitoring/profiling?

  • Ashraf

    @alan: Google may or may not know everything about you. But if you are using OpenDNS, they sure do =P

    @Everyone: The mention of this husband-wife e-mail thing made me look it up, out of curiosity. While I am not making a judgment call on what the husband did (right or wrong is not for me to decide) I do find it odd that valuable resources are being spent to prosecute a guy who looked at his wife’s e-mail. Don’t they have drug dealers or murderers or other more dangerous crimes to deal with?

  • alan


    A large network of bargain grocery stores sends me a weekly email of special up-coming bargains.
    As I read each one Gmail would instantly select one or two and suggest them with calendar reminders.

    How clever of Google Gmail to guess what would appeal to me,
    they seemed to know my weekly shopping list as well as my Tesco Loyalty card ! ! !


  • Dru

    I read an article here in US that shortly (within hours) after using her Gmail account to email a family member regarding a particular form of cancer that she started seeing medicine ads relating to cancer in her adverts area. The conclusion was Google mined her email for more targeted ads. This and the massive profile type of information that’s being collected, aggregated, and mined has kept me from gmail. Is this ridiculous on my part or smart?

  • alan

    Several hours ago I changed my primary DNS from OpenDNS to Google DNS =

    Since then http://WhatsMyIPAddress.com has given me several sessions of successive failures of the type I previously posted, and several sessions of success.

    I think either OpenDNS has random sessions of difficulty resolving WhatsMyIPAddress.com,
    or Google DNS has random sessions of winning the race with a resolved the IP number
    and other times Google resolves too late and OpenDNS has jumped in with its spurious error report.

    Right now I am lucky and/or Google DNS is winning the race,
    and I launched CMD.EXE and ran
    ping whatismyipaddress.com
    which told me
    Pinging whatismyipaddress.com [] with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    I will try that again when Google is losing the race.

    N.B. Although I get a ping timeout from the resolved IP,
    when I paste in my Firefox address bar
    I get a page that is blank apart from my current IP address.

    I have found the official OpenDNS forum.
    Posting now – will report here any further updates

  • Emrys

    Yup. I knew about this service, that’s why gmail is my main address. And what a hornet’s nest you stirred up with this one. Might as well stick your head in a bee hive. (No don’t…just a figure of speech).:)

  • Jimmy

    Thanks for the info on WhatIsMyIPAddress.com

  • Mike

    @Rob (Down Under): What makes the story especially interesting, as I understand it, is that the computer the husband accessed was the family/common computer. They’re saying in the U.S. (yes, it’s being reported here) is that this will be a test case of sorts.

  • meldasue

    @meldasue: Sorry, it’s the prosecution for Oakland County, not the defense, that is trying to portray the guy as a hacker. You’d think that in a area with serious financial problems, they’d have more important crimes to prosecute.

  • meldasue

    @Rob (Down Under): I had to look this up, because I hadn’t heard of it. Here is the link to the Detroit Free Press article: http://www.freep.com/article/20101226/NEWS03/12260530/Is-reading-wife-s-e-mail-a-crime?-Rochester-Hills-man-faces-trial#ixzz19QnWE3fq

    It’s an experimental case – they don’t know if they can apply the Michigan anti-hacking law to this case, and it’s somewhat complicated – the man found evidence that his current wife was having an affair with her previous (second) husband, who was abusive. He gave the e-mails to the first husband, who is the father of her child, out of concern for the child. I can see that there might be *civil* law implications here, since the husband shared the information with another person (even though it was in the interests of the child’s welfare).

    However, this is a law specifically written to combat identity theft and stuff like the Gawker hack, and the defense is trying to portray the husband (who is a computer tech by trade) as a sophisticated hacker. Considering that the password was sitting in a notebook next to the computer, it’s going to be hard to make that fly with a jury.

  • alan

    I have just understood how to use “check another site” and I get
    It’s just you. http://WhatsMyIPAddress.com is up

    Out of interest I also tried .net and .org with the results
    It’s just you. http://WhatsMyIPAddress.net is up.
    It’s not just you! http://WhatsMyIPAddress.org looks down from here.

    Then I tried their nameservers which are reported as down, is that correct ?
    The reports are :-
    It’s not just you! http://ns1.cgpholdings.net looks down from here.
    It’s not just you! http://ns2.cgpholdings.net looks down from here.


  • alan


    What is the numerical IP address of WhatsMyIPAddress ?
    I would like to put that direct in my address bar – OpenDNS fails to show me.

    Some while ago great big chunks of the TalkTalk system fell over.
    Many TalkTalk users had total loss of service, but I was lucky – sort off.

    For me I found many sites could not be reached, and most others were slow/reluctant to connect.
    I deduced that most TalkTalk users were like me and used the DNS servers run by TalkTalk,
    and suspected they were unable to cope with the extra burden of re-routing around a broken network,
    so I changed my router settings to OpenDNS and everything was sweet again.

    I am now wondering if OpenDNS has been poisoned ! ! !

    It still reports to me the WhatsMyIPAddress is not loading,
    but both the nameservers are working and something else is wrong.
    The complete report by OpenDNS is below :-

    Hmm, whatismyipaddress.com isn’t loading right now.

    The computers that run whatismyipaddress.com are having some trouble. Usually this is just a temporary problem, so you might want to try again in a few minutes.

    Want more detail? See which nameservers are failing.
    Nameserver trace for whatismyipaddress.com:

    Looking for who is responsible for root zone and followed k.root-servers.net.
    Looking for who is responsible for com and followed b.gtld-servers.net.
    Looking for who is responsible for whatismyipaddress.com and followed ns1.cgpholdings.net.

    Nameservers for whatismyipaddress.com:


    The servers listed are working, but something else might have gone wrong.

  • Ashraf

    @alan: ‘Tis is the Internet. It isn’t designed to be private.

    I don’t know what is going on and why you can’t access WhatsMyIPAddress, but the website is up – I can access it and so they: http://www.downforeveryoneorjustme.com/whatismyipaddress.com/.

  • alan


    My DNS server is OpenDNS, and my ISP is TalkTalk.
    For me WhatsMyIPAddress is STILL down even though the two servers are listed as working.

    Due to this post I have tried to see what is known about me by WhatsMyIPAddress

    Last week I noticed that Google Gmail was volunteering the information that I live at Leyland.
    A very good guess that missed me by only 4 miles.

    Yesterday it occurred to me that my local B.T. telephone exchange holds the interface between my analogue telephone line and the TalkTalk network, and it occurred to me that Google has access to information which links my dynamic IP address with my fixed local exchange interface, and it may even know my telephone number.

    I am so glad my computer does not have a built in web cam for Google to access ! ! !


  • Rob (Down Under)

    Ashraf, are you in the US ?
    I wonder if they are not reporting it ?
    I know in Australia, the husbands constantly get the wrong end of the deal, when marriages (inevitably) disintegrate, and no one in the government or the press ever notice that, or at least do not report it.
    I imagine US would be even worse than Aust ?
    Which makes me wonder if they are not reporting this ludicrous prosecution ?

  • Ashraf

    @socal70xr7: …And that is proof my advice isn’t just baseless ramblings. :D

    @Rob (Down Under): Interesting. I bet that happens a lot.

    @alan: Hehe, thanks, but the website is up for me. It may just be at your end.

  • alan

    WhatsMyIPAddress is down, further details :-

    The servers listed are working, but something else might have gone wrong.

    This is very disappointing.
    Has the “Blogger of the Year” caused it to crash by directing too much traffic for it to handle ! ! !


  • Rob (Down Under)

    @Ashraf: In the last 24 hours the Australian TV News programs have been reporting on a gentleman in the US.
    He suspected his wife was having an affair, and decided to use her GMail password (kept in a wee book beside the PC that they both used).
    He actually found evidence in her GMail emails proving that she was having an affair.
    He is now being prosecuted, and faces 5 years jail, if proven guilty (of reading her emails).

  • socal70xr7

    I had this happen just a few weeks ago. Some hackers in China! I did exactly what you mention above!

  • Ashraf

    @Rob (Down Under): What gentleman? I don’t know what you are talking about. :-(

  • Rob (Down Under)

    I bet this article (or the timing of when it was created) relates to the gentleman that is facing 5 years jail for snooping into his wife’s GMail account ?
    I think he should get 10 years jail.
    Then we should look back, and locate every woman that has ever snooped into their partners phone SMS’s, etc, etc, and give them 10 years as well.