It sounds like your Gmail account was compromised through a phishing attack or by guessing your password. Since you've already changed your Gmail password, here are some steps you can take to protect your account:

1. Enable two-factor authentication (2FA) on your Gmail account to add an extra layer of security.
2. Check your account recovery options and make sure they're up-to-date with accurate information.
3. Review your account settings and permissions to ensure no suspicious activity has been enabled.
4. Check your Google account security logs for any suspicious login attempts or activities.
5. If you suspect that your GitHub account was compromised through your Gmail account, change your GitHub password and enable 2FA on your GitHub account.
6. Consider enabling 2FA on other important accounts, such as your bank accounts, credit card accounts, and social media accounts.
7. Use a password manager to generate and store strong, unique passwords for each of your accounts.
8. Be cautious when clicking on links or opening attachments in emails, especially from unknown senders.
9. Keep your software and operating system up-to-date with the latest security patches and updates.
10. Monitor your accounts regularly for any suspicious activity or changes.

To prevent future attacks, consider implementing the following best practices:

1. Use strong, unique passwords for each of your accounts.
2. Enable 2FA on all of your important accounts.
3. Use a password manager to generate and store strong, unique passwords.
4. Be cautious when clicking on links or opening attachments in emails.
5. Keep your software and operating system up-to-date with the latest security patches and updates.
6. Regularly monitor your accounts for any suspicious activity or changes.

If you continue to experience issues, consider reaching out to Google support for assistance. They may be able to provide additional guidance and support to help secure your account.