It was widely speculated that a GMail exploit was behind some recent domain hijackings. Google investigated the issue with help from affected users and came to the conclusion that the users were victims of a phishing attack through which they managed to get the credentials of the affected users.