How did someone log-in to my Gmail account from Kenya?

Your password was not stolen. As you pointed out, Opera Mini uses proxy servers. Per the link provided in thexacre's answer, Google incorrectly identifies the servers as being in Nairobi, Kenya:

When you use Opera Mini, you're connected to Opera servers, which download websites you want, compress and transform them, and at the end they are sent to your phone. So the idea is similar to proxy servers. IP address on the screenshot you attached is in fact one of Opera Mini servers, so you shouldn't be worried. I don't know why it's detected as Kenya, you'd better ask Google.

So everything was fine except for Google's IP geolocation.


Seeing as you're using Opera Mini this is a likely explanation:

Unlike straightforward web browsers, Opera Mini fetches all content through a proxy server and reformats web pages into a format more suitable for small screens.

https://en.wikipedia.org/wiki/Opera_Mini

Of course it's difficult to be certain, and 2FA is still vulnerable to certain attack vectors such as phishing.

It seems others have noticed the same thing.

If you have the IP address used I'd probably Google it and also look it up in a GeoIP database to see if it's assigned to any organisation (eg. Opera).

You might also like to consider creating a new app specific password just to be safe, seeing as app specific passwords are a significant threat if compromised.