My Google account was compromised for 6 months, and google sent me no security notification regarding this. On 22 Aug, Google sent me a notification that "you signed out from your device" when I was watching YouTube on my Android device. When I checked in my Google Account dashboard, it showed that my gmail was logged out from Germany. My Gmail had been logged into that device since Feb, 2025. My Google account has had 2FA enabled for the past four years, since I created this account. However, I received no notification or email that someone had logged into my account.
My password was strong according to Google. I use Bitwarden for generating all my passwords. I had photos and some important documents stored on this account. After searching about this situation on Google and ChatGPT, I found that the hackers might have stolen my cookie session or something similar. I also did a complete antivirus scan of my Windows laptop, Windows Defender found nothing, but on ChatGpt's suggestion, I re-scanned with Malwarebytes Antivirus, and it detected the malware and information logger on my system. I used to think Windows Defender was enough but the paid antivirus software is still better.
This malware was inside the folder of the pirated software which I downloaded from the site called getintopc.com. I was using this website to download software for seven years and never had any trouble but this time was different. After discovering these things, I quickly installed the Linux Mint and deleted Windows 10 completely from my hard drive. I was paranoid that the hacker might have installed keylogger, that's why I switched to Linux. I removed my phone number and started using Aegis Authenticator app for 2FA on Google. I also have decided to de-google my tools and deleted all my documents and photos from their platform after taking a backup.
The hacker was in my google account for six months and I have no idea what they took from me in this period, as I had my photos in Google Photos and some important documents in Google Drive. As I said above, I am de-googling my tools, so far I have changed my email to protonmail (free version). It only comes with 500mb, so maybe I'll upgrade in the future. And for my photos and notes, I will not use any cloud services from now on and will store everything on my hard drive and pen drives. I have decided to shift to Linux completely.
Update: I am back on Windows 10 LTSC IOT :|