If you got a text message "Your Gmail has been hacked" or "Your Gmail account has been compromised," do not bother with the steps in this article; instead see: SMS Message: Your GMail has been Hacked.
1. Confirm recent Login History
From the main Gmail Inbox, look at the bottom footer.
Click "Last Account Activity: Details".
Confirm the login activity seems reasonable.
|Click for Larger View; "X" to return|
2. Confirm Connected Applications and Sites
Make sure hackers have not inserted a new program or site into your Gmail environment.
Open Account Settings
(Click pull-down arrow next to your account-picture (upper-right corner on Gmail main screen),
then choose "Account").
Click left-Nav, "Security"
In "Connected Applications and Sites", click "Review Permissions"
(When prompted, type your password to open the screen)
Confirm all connected sites, apps and services seem reasonable.
Revoke Access if you have doubts.
3. Check Account Access
a. From Gmail, click the Gear Icon (upper right corner)
b. Choose "Settings"
c. Click top-row tabs, "[Accounts]"
e. Confirm "Mark conversations as read when opened by others"
4. Check Forwarding
a. In the "[Forwarding and POP/IMAP]" tab
Confirm you are not (auto) forwarding messages to another email address.
b. In [Filters]
Confirm there are no unexpected Filters (which can also be used to forward emails)
5. Enable Google 2-Step Verification
Consider enabling Google's Google's 2-step verification. With this, your account cannot be hacked -- even if the perpetrator knows your username and password. I have done this myself for better than a year and this is highly recommended.
With two-factor authentication, I login with my normal User-ID and password and then a few seconds later, Google sends a text message to my cell phone. In a secondary Google login screen, I type the numeric code from the text message. Only then can I open my account. This technique works with both smart and non-smart cell phones.
It works like this:
Login with something you know (your credentials)
+ something you have (your phone)
The only way to get past this is to kidnap me and my phone.
What if you don't have your phone? You can't login. However, when you first engage this service, Google provides a short list of longer emergency codes that only you know. Print these and file in a drawer should you ever need them.
a. From your Account Profile (click pull-down next to your Account Picture)
b. Choose "Accounts"
c. On left-nav, click "Security"
d. 2-step Verification "Edit"
Details on Google's 2-step verification can be found here: link: Two-step verification
SMS Message: Your GMail has been Hacked
Google Account Compromised
Google has these instructions if your account were hacked and the password was changed: