According to the story he gave TechCrunch, the Twitter hacker began exploiting Gmail's forgotten-password feature to get into one staffer's personal e-mail. The hacker got a bit lucky here: When he hit the forgotten-password button, Gmail gave him a hint about the secondary e-mail address that the employee had entered when he or she had set up the Gmail account: ******@h******.com. The hacker guessed that this was a Hotmail address; when he checked Hotmail for some addresses that might belong to the user, he found they were no longer active. (Hotmail, like a lot of Web e-mail services, deletes accounts that haven't been accessed in a while.) So the hacker set up the Hotmail account that Gmail thought belonged to the Twitter employee. When Gmail sent a password-reset link to the Hotmail address, it went right into the hacker's hands. (Google has recently added a feature in Gmail that occasionally prompts users to update their backup e-mail addresses.)
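As an added example (not from the article, and not Google's or Hotmail's own code), here is a hypothetical recovery-address policy in Python that closes the two gaps the reset flow above exposed: a hint that reveals enough to guess the provider, and a reset link mailed to a recovery address that nobody has re-verified for a long time. The function names, mask format and 180-day threshold are assumptions.

```python
# Added example, not from the article or any real provider's code.
# Names, mask format and the 180-day threshold are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class RecoveryAddress:
    address: str
    verified_at: datetime   # last time the user proved control of the mailbox


def leaky_hint(address: str) -> str:
    """Mask in the style the story describes: the first letter of the
    domain is left visible, which was enough to guess 'hotmail.com'."""
    local, domain = address.split("@", 1)
    name, tld = domain.rsplit(".", 1)
    return f"{'*' * len(local)}@{name[0]}{'*' * (len(name) - 1)}.{tld}"


def safe_hint(address: str) -> str:
    """Hardened mask: fixed length, nothing about the provider. The account
    owner still recognises it; a stranger learns nothing worth registering."""
    local, _domain = address.split("@", 1)
    return f"{local[0]}***@***"


def may_send_reset(rec: RecoveryAddress, now: datetime,
                   max_age: timedelta = timedelta(days=180)) -> bool:
    """Refuse to mail a reset link to a recovery address that has not been
    re-verified within max_age: a dormant mailbox may have been deleted by
    its provider and re-registered by someone else in the meantime."""
    return now - rec.verified_at <= max_age


def demo() -> tuple:
    """Constructed sample: one fresh and one stale recovery address."""
    now = datetime(2009, 7, 1, tzinfo=timezone.utc)
    fresh = RecoveryAddress("staffer@hotmail.com", now - timedelta(days=30))
    stale = RecoveryAddress("staffer@hotmail.com", now - timedelta(days=400))
    return (leaky_hint(fresh.address), safe_hint(fresh.address),
            may_send_reset(fresh, now), may_send_reset(stale, now))


if __name__ == "__main__":
    print(demo())   # ('*******@h******.com', 's***@***', True, False)
```

The stale address is the case from the story: the reset link would have gone to a mailbox the employee no longer controlled, so the policy makes the user re-confirm it first.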
After rifling through the Twitter employee's Gmail in search of passwords, the hacker noticed that he seemed to use similar passwords for a lot of different sites. From there, Twitter fell like a line of dominoes: The hacker used the passwords he found in the Gmail account to get into the employee's Google Apps account, which led him to company documents that contained personal information about other Twitter employees. That information allowed him to guess those employees' passwords, which gave him even more personal information, which got him even more passwords, and so on. Eventually the hacker had access not only to documents floating around inside Twitter but also to some employees' accounts at Amazon, AT&T, and iTunes. He even got into the GoDaddy account that managed some of Twitter's domain names.