My guess is that the author's home computer was compromised or their gmail password was guessed. They mentioned that they ignored a warning that someone logged into their account remotely.
At home I have a Chromebox machine that I only use for online banking and no other purpose.
My other machines are used for the usual consumer Web activities, including Web site administration. I'm wondering if perhaps I should modify my approach to do the admin only from the Chromebox... which brings up the classic tradeoff of security vs convenience.