
How Google blocked itself


Tonight I received an email at my backup address saying that someone had used my password to sign in to my Gmail mailbox, and that Google had bravely blocked the scoundrels. Well, of course, I urgently needed to take action. I was a little surprised that the mailbox I had set up specifically for PayPal had been compromised: it is barely exposed anywhere and has a generated high-entropy password, so this seemed impossible. Nevertheless, I changed the password, already bracing for an SMS about money being withdrawn from my card. And only after changing the password did I start working out what had actually happened. Here is what turned out...

The password is practically impossible to crack, so at first I suspected a phishing email masquerading as a hacking alert, designed to harvest my username and password. Google itself warns about exactly this:
Unfortunately, hackers sometimes try to obtain account credentials by imitating Google's notices about a suspicious sign-in attempt. Do not trust messages asking for your username, password or other personal information. If the message contains a link to a third-party site, do not follow it and do not enter any data on that site.

But the links in the email led to accounts.google.com, and the browser confirmed that the site was genuine. This is what I saw in the device list:



So, American hackers were trying to break into my mail. It was a bit unusual that only an IPv6 address was listed. Thoughts of a huge botnet of IoT devices that had somehow obtained my password started to come to mind.

Out of curiosity, I decided to check whether a traceroute to this address would lead to the Pentagon. The result put everything in its place:

traceroute to 2a00:1450:400c:c0c:0:0:0:211 (2a00:1450:400c:c0c::211), 30 hops max, 80 byte packets
 1 2600:3c01::8678:acff:fe0d:79c1 (2600:3c01::8678:acff:fe0d:79c1) 3.296 ms 3.057 ms 3.024 ms (United States)
 2 2600:3c01:3333:1::1 (2600:3c01:3333:1::1) 2.886 ms 2.970 ms 2.939 ms (United States)
 3 eqixsjc-v6.google.com (2001:504:0:1:0:1:5169:1) 2.866 ms as15169.sfmix.org (2001:504:30::ba01:5169:1) 3.986 ms 4.011 ms (United States)
 4 2001:4860:0:1004::2 (2001:4860:0:1004::2) 3.178 ms 2001:4860:0:1005::2 (2001:4860:0:1005::2) 2.576 ms 2.540 ms (United States)
 5 2001:4860::8:0:6117 (2001:4860::8:0:6117) 145.173 ms 141.854 ms 142.622 ms (United States)
 6 2001:4860::c:4000:d20a (2001:4860::c:4000:d20a) 46.065 ms 40.774 ms 41.735 ms (United States)
 7 2001:4860::8:4000:cbc2 (2001:4860::8:4000:cbc2) 49.985 ms 2001:4860::8:0:b0e2 (2001:4860::8:0:b0e2) 154.440 ms 154.322 ms (United States)
 8 2001:4860::c:4000:d2a0 (2001:4860::c:4000:d2a0) 59.087 ms 2001:4860::c:4000:d64b (2001:4860::c:4000:d64b) 154.324 ms 2001:4860::c:4000:d29f (2001:4860::c:4000:d29f) 90.399 ms (United States)
 9 2001:4860::8:0:bafa (2001:4860::8:0:bafa) 153.360 ms 2001:4860::8:4000:cd7f (2001:4860::8:4000:cd7f) 63.042 ms 2001:4860::8:0:bafa (2001:4860::8:0:bafa) 143.081 ms (United States)
10 2001:4860::c:4000:d9af (2001:4860::c:4000:d9af) 170.679 ms 2001:4860::c:4000:d9ab (2001:4860::c:4000:d9ab) 139.273 ms 140.791 ms (United States)
11 2001:4860::8:0:cc3f (2001:4860::8:0:cc3f) 145.014 ms 145.056 ms 2001:4860::8:4000:d324 (2001:4860::8:4000:d324) 144.381 ms (United States)
12 2001:4860::2:0:76e7 (2001:4860::2:0:76e7) 144.918 ms 2001:4860::2:0:76e8 (2001:4860::2:0:76e8) 144.521 ms 2001:4860::2:0:76e7 (2001:4860::2:0:76e7) 145.444 ms (United States)
13 * * * (?)
14 * * * (?)
15 * * * (?)
16 * * * (?)
17 * * * (?)
18 * * * (?)
19 * * * (?)
20 * * * (?)
21 mail-wr0-x211.google.com (2a00:1450:400c:c0c::211) 142.782 ms 143.318 ms 144.535 ms (Ireland)

The trace ends at mail-wr0-x211.google.com, one of Google's own mail hosts. That is when I remembered that Google itself holds the password for this mailbox: it is configured in another Gmail account, which collects mail from my various addresses (Gmail's "Check mail from other accounts" fetcher). This time, it seems, Google fetched the mail from a different data centre than usual (the last hop is annotated as Ireland), and its own anomaly detection treated its own fetcher as a suspicious sign-in from a new location. I suspect I was not the only one to receive such a "hacking" alert at that moment. My conclusion is that the fetcher hopping between data centres was the cause of the suspicious-activity detection. What do you think?
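The practitioner's first check on any "suspicious sign-in" alert is the one the post stumbled into by accident: does the reported IP belong to the provider's own infrastructure (its mail fetchers, its mobile sync front ends)? The traceroute hostname is a hint, not proof. A PTR record is controlled by whoever owns the address space, so an attacker can name their host `mail-anything.google.com.evil.example`; the PTR has to be forward-confirmed, and the address has to fall inside a prefix the provider actually holds. The script below is an added example, not code from the original post. It parses traceroute output in the same format as above (a constructed sample is embedded), checks the final hop's address against known provider prefixes, and forward-confirms the PTR name. The prefix list (2a00:1450::/32 and 2001:4860::/32 as Google allocations) is an assumption to be refreshed from whois before use, and the `resolve` parameter is a hook so the check can run without network access.

```python
"""Triage an "unusual sign-in" alert IP: is it the provider's own infrastructure?

Added example, not code from the original post. Marked items are assumptions.
"""
import ipaddress
import re
import socket

# Assumption: these are Google allocations (per RIPE/ARIN whois at the time of
# writing). Refresh from whois or the provider's published ranges before use.
KNOWN_PROVIDER_PREFIXES = [
    ipaddress.ip_network("2a00:1450::/32"),
    ipaddress.ip_network("2001:4860::/32"),
]

# Constructed sample in the same layout as the post's traceroute (abridged).
SAMPLE_TRACEROUTE = """\
traceroute to 2a00:1450:400c:c0c:0:0:0:211 (2a00:1450:400c:c0c::211), 30 hops max, 80 byte packets
 1 2600:3c01::8678:acff:fe0d:79c1 (2600:3c01::8678:acff:fe0d:79c1) 3.296 ms 3.057 ms 3.024 ms (United States)
12 2001:4860::2:0:76e7 (2001:4860::2:0:76e7) 144.918 ms 144.521 ms 145.444 ms (United States)
13 * * * (?)
21 mail-wr0-x211.google.com (2a00:1450:400c:c0c::211) 142.782 ms 143.318 ms 144.535 ms (Ireland)
"""

# hop number, first responding name, its address in parentheses
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([0-9a-fA-F:.]+)\)")


def parse_hops(text):
    """Return (hop_number, name, ip) for each hop that answered; '* * *' rows are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
    return hops


def in_known_prefix(ip):
    """Prefix membership is the one signal the remote party cannot forge."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_PROVIDER_PREFIXES)


def forward_confirmed(ip, ptr_name, resolve=None):
    """FCrDNS: the PTR name must resolve back to the same address.

    `resolve(name)` returns a set of address strings; the default uses the
    system resolver, the test injects a fake so it runs offline.
    """
    if resolve is None:
        def resolve(name):
            return {info[4][0] for info in socket.getaddrinfo(name, None)}
    try:
        forward = {ipaddress.ip_address(a) for a in resolve(ptr_name)}
    except (socket.gaierror, ValueError):
        return False
    return ipaddress.ip_address(ip) in forward


def classify(ip, ptr_name, resolve=None, trusted_suffixes=(".google.com",)):
    """Rank the evidence that an alert IP is the provider's own fetcher."""
    if not in_known_prefix(ip):
        return "unknown: outside known provider prefixes, treat as hostile"
    if ptr_name.endswith(trusted_suffixes) and forward_confirmed(ip, ptr_name, resolve):
        return "provider-owned: in known prefix, PTR forward-confirmed"
    return "provider prefix but PTR unconfirmed: verify before dismissing"


if __name__ == "__main__":
    hop_no, name, ip = parse_hops(SAMPLE_TRACEROUTE)[-1]
    print(f"final hop {hop_no}: {name} ({ip})")
    print(classify(ip, name))  # uses the live resolver when run directly
```

Run by hand, the same triage is `dig -x 2a00:1450:400c:c0c::211` for the PTR, `dig AAAA` on the name it returns, and `whois` on the address for the holding organisation. An alert IP that passes all three is almost certainly the provider talking to itself, as in the post; one that fails the prefix check deserves the password change the author made.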

Source: https://habr.com/ru/post/357280/

