John Markoff’s article yesterday in The New York Times reveals that Google’s authentication system, code-named "Gaia," was one of the targets of the attack.
The target wasn’t Google users’ passwords, but the authentication system itself (Markoff refers to it as a “single sign-on” system; I’m reluctant to do that, since my own experience shows it to be a rather confusing mesh of both interconnected and disconnected authenticators… seems like Google could do a lot more to help users link and manage their IDs under one master account of their choosing).
Why not the passwords? It’s far more valuable to gain access to the code and learn the intricacies – and weaknesses – of the system itself, rather than gain access to a few (or even a few thousand) accounts. My own theory is that this is why Adobe and various antimalware companies were targeted by the same network of attacks: the former, to find more weaknesses in Flash and Acrobat to exploit, and the latter, to learn how to bypass security mechanisms designed to defeat such attacks.
Markoff has several other excellent articles on the cyber attacks made public by Google in January, most notably this one.