On Tuesday May 3, 2017 reports were coming in of a phishing attack impersonating a Google Docs sharing email coming from Gmail.  The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user’s Google account.  Google was able to stop the campaign within approximately one hour, it's unknown how many accounts were compromised, but current counts are approximated at close to 1 million accounts.  While contact information was accessed and used by this campaign, it appears no other data was accessed or exposed.  Google advises caution in clicking on links in emails sharing Google Docs.

The messages received purport to be from a contact, including contacts known to the victim, wanting to share a Google Doc file. Once the “Open in Docs” button is clicked, the victim is redirected to Google’s OAUTH2 service and the user is prompted to allow the attacker’s malicious application, called “Google Docs,” to access their Google account and related services, including contacts, Gmail, Docs and more.

Additional information on this campaign may be found at the following articles:

Google Shuts Down Docs Phishing Spree - Threatpost, May 3, 2017

1 Million Gmail Users Impacted by Google Docs Phishing Attack - Threatpost - May 4, 2017