a bit late, but I read a very interesting article - the anatomy of the twitter attack, outlining exactly how a twitter employee was recently hacked. Baiscally it boils down to the hacker using the Gmail password recovery which emailed the password to that Gmail account users secondary mail account. When requesting the password recovery tool,  Gmail offers a reminder as to which email account it is in the form of *******@h******.com. The hacker then guessed it to be a hotmail.....