a bit late, but I read a very interesting article - the anatomy of the twitter attack, outlining exactly how a twitter employee was recently hacked.

Baiscally it boils down to the hacker using the Gmail password recovery which emailed the password to that Gmail account users secondary mail account. When requesting the password recovery tool,  Gmail offers a reminder as to which email account it is in the form of *******@h******.com. The hacker then guessed it to be a hotmail account and through a process of gathering this users personal information online, worked out the full email. He then went onto hotmail and realised this email was no longer active. Why? because hotmail de-activates emails that have not been accessed in 9 months. after registering the account, he re-did the gmail password recovery and was soon browsing the twitter employee's personal gmail account. Through that he was able to gain access to passwords for a host of other sites etc. As they mention in the article, it is like domino's