Apparently, Gmail had a large security flaw which could have led to mining huge numbers of users email addresses.
“Oren Hafif, a security penetration expert, discovered last year that he could manipulate the little-used account-sharing feature in Gmail to edit the 'Rejection Confirmed' webpage. After changing one character in the URL of the page that appears when you reject access to a shared account, Hafif found he could make the page tell him that he had been declined access to another email address…By using DirBuster, a brute-force hacking program, he automated the character-changing process and saved 37,000 Gmail addresses to a text file in around two hours. From this, he could extract the individual email addresses.” – Neowin
Of course, the email addresses alone would give nothing, however, they could be sold to spammers and phishers for a nice profit.
Anyway, Google has patched the flaw, but you have to wonder how many more there are.
Source:
http://www.neowin.net/news/gmail-had-a-simple-flaw-that-allowed-anyone-to-obtain-every-email-address