mcavic - 4:32 pm on Jan 23, 2007 (gmt 0)
The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.
Ok, so it wasn't a leak, per se. Users submitted sensitive URLs to Google, and Google automatically published them. I wouldn't really blame Google for that.