The reported cyber-attack on Google in China may have given the perpetrators access to the password system Google uses to control millions of users' access details.
The New York Times reports that Google's punter management system - called Gaia - was compromised during a two-day attack last December. The newspaper's source was 'a person close to the internal investigations'.
But it appears that Gmail passwords were not stolen during the attack.
When a Google employee in China clicked on a link sent in an instant message it gave the attackers access to Google's computers, including those used by developers at the company's headquarters in Mountain View, California, according to the report.
The hack kicked off an international row, with the Chinese denying involvement in the attack and Google pretending that US snoops don't have routine access to anything the company gets up to.
Eventually, Google shut its Google.cn site, redirecting users to Google.com.hk, in Hong Kong.