Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be a phishing scam, Google announced “our results indicate no evidence of a Gmail vulnerability, with help from affected users, we determined that the cause was a phishing scheme”

Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired.