There aren't a lot of details, but apparently Gmail had a security hole where a web site could grab your email address if you were logged into Gmail at the time you went to the web site. I assume the vulnerability is a weak SSO token on the computer or maybe something stupid left behind in a cookie. Whatever they're doing, yikes!
Google has reportedly fixed the problem.