If you are suspicious that your Google / Gmail Account Password got leaked and someone else is using it, then here are the top 4 things that you should do right now:
1. Check your Account Log in Activity
Log in to your Gmail Account and at the bottom of the page you can see Last account activity written. Click on the Details link and a new window will pop-up:
The content of this window will give you a list of 10 recent IP Addresses, their Location (country and state) and Devices (Browser, Mobile, POP3, Tablet, IMAP etc.) that were used to access your Account on a particular date and time. At the bottom of the page, you can also see the IP Address of your Computer currently using Gmail.
Carefully analyze the Location (IP address) and Date/Time columns on this page and if you think your Account has been accessed from some suspicious location or an IP Address, hit the Sign out all other sessions button and jump to step 4 below:
Note: You can check your currently allotted IP address either by using Google or by using What is My IP Address. You can also check the ISP, City, State and Country (Geo-location information) of ANY IP Address using IP Lookup.
2. Check your Google Account Dashboard
A new feature in Google Dashboard detects and flags any suspicious logins to any product associated with your account. You can see all suspicious log in alerts, if any, on this page.
Every time you use any Google product, you provide them your IP Address, which helps their automated system in determining your broad geographic location. If you log in to any product using a remote IP address, then their system will flag it for you.
For example, if you normally log in to your account from your home in India and a few hours later your account gets logged in from France, then you will get a suspicious log in activity notification at the top of your Dashboard.
3. Check Applications, Services & Websites authorized to use your Account
There are lots of third party applications, websites and services which allows you to associate your Google Account with their service for instant log in, importing / exporting contacts and account data. You can see a full list of all these websites and services on this page.
Carefully analyze the list and remove (revoke access) all those which you don’t use anymore or which seems to be suspicious.
4. Change your Account Password & Security Question
Whenever you are suspicious that your log in details has been leaked and someone else is using your Account, then you should immediately change your password using this page.
It’s also recommended to change security question(s) for your account using this page. On this page, you can also set your Mobile Number, Alternate and Recovery Email Addresses.
And, in case your Google Account has been compromised, then you need to directly contact Google Team using Account Recovery Page.