An issue with Google Apps over the weekend sent the company scrambling to fix a hole in its Script API. The problem allowed a specific domain to harvest the e-mail addresses of anyone who visited the site while logged into their Google account, according to a report on InfoSecurity. The site in question appears to have been started by a 21-year-old Armenian under the handle Vahe G . In a statement, Google announced they had disabled the site on their Blogspot platform.
Source: https://threatpost.com/google-flaw-allowed-easy-e-mail-harvesting-112210/74701/