How was my old Google account compromised?

A moment ago I received an email from Google stating that a Google/Gmail account I created for a side project many years ago, just had a successful password reset and login from Hong Kong (IP 45.56.152.169). I've since changed password and added my current mobile number to beef up the account security.

The Google account doesn't matter much to me and there was no sensitive information stored on any of the Google services but I am honestly baffled how hackers could successfully reset the password. The account was created for a small side project that never took of, so no one knows about it (I hadn't signed into it for years). I did use the gmail address to sign up for a couple of services (flickr, skype, tumblr, etc, dropbox) but the password for every single account was very strong never re-used.

Any ideas on how attackers could reset the password? Anyone experienced something similar where an seemingly "impossible" password reset was successfully executed by attackers?