Yep – restored the site to a backup taken before the rogue login, and changed the password.
I don’t think it was a hacking attempt; nothing seemed out of place or to have changed.
It still nags though. Google *could* do this, but why would they want to?
