Comment by benlivengood

The September intrusions detected sound pretty suspicious. I am sure there are plenty of bad actors trying to take over existing Google Developer accounts to use for spam/fraud, and it sounds like there was at least one compromised account and compromised device which could easily lead to other compromised accounts or persistent malware.