Just a few notes about this email and why this is believed to be the email that led to the hack:
* The whole email is fake. There's a bit.ly link in the email to "reset the password". It leads to myaccount [dot] google [dot] com-securitysettingpage [dot] tk [1]
* No emails from shortly after this time have been leaked.
* You can see that the staff believed this to be real and warned to take immediate action:
"This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account."
* The whole email is fake. There's a bit.ly link in the email to "reset the password". It leads to myaccount [dot] google [dot] com-securitysettingpage [dot] tk [1]
* No emails from shortly after this time have been leaked.
* You can see that the staff believed this to be real and warned to take immediate action:
"This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account."
[1] See also: http://www.trueurl.net/service/whataretrueurls.html?q=https%...