According to a Motherboard article [vice.com], the attacker was able to use OAuth [wikipedia.org] to impersonate Google, and a security researcher says:
[...] he warned Google directly about this vulnerability in 2012, and suggested that Google address it by checking to [...] ensure the name of any given app matched the URL of the company behind it.