Gaia, which allows users to sign in using their password once for a range of services, was compromised during a two-day attack last December, according to a New York Times report that cited a person with knowledge of an internal investigation. However, Gmail users' passwords do not appear to have been stolen, and the company quickly initiated security changes to its networks, according to the report.
The intrusion began when a Google employee in China clicked on a link sent in an instant message that took the employee to a corrupted Web site, which allowed access to the employee's personal computer and ultimately the computers used by a key group of software developers at the company's headquarters in Mountain View, Calif., according to the report.
Google first disclosed the theft of intellectual property in January when revealed that it and other businesses were the victims of "a highly sophisticated and targeted attack" aimed at gathering information about human rights activists. As a result of the theft, Google announced it no longer intended to censor search results in that country and would consider leaving entirely.
For more on this story, read Report: Google password system attacked on CNET News.