Fi 🏳️⚧️So, I haven't seen anyone else remark on this yet, but -
if they got into his gmail, then they presumably had the ability to get into his google account -generally-, including things like "backups" and "findmyphone."
Consider the level of exposure involved here, and the complete silence on -how long- they had this access.
Ongion 🥚🐞@munin even without *sharing* credentials, how many services send a password-reset link *to your email*?