Gaia, recently renamed Single Sign-On, is the password system that allows one login and password to access all of Google's services, including Gmail, Maps, Picasa, Search, and Reader. The New York Times has a source who says the hack targeted Gaia and could have dangerous security ramifications in spite of Google's quick action to patch holes.
The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.
By clicking on a link and connecting to a "poisoned" Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.
Google discovered the hack very early; within a few hours, the company had already instituted another layer of security upon login. The risk, though quite small, is that the hackers could have installed a Trojan horse virus in order to retain access to Gaia. They could then snoop around and, if they were particularly skilled, figure out an exploit Google's engineers hadn't yet discovered. Predictably, anti-virus companies like McAfee are playing up the danger. Google has been extremely fast, thorough, and transparent in its reaction, and the likelihood that it missed some vital mistake is slim. Still, it's enough to make you just a teensy bit scared of that universal login. Unless you own an Android phone, in which case it remains awesome.