196
Hackers discover way to access Google accounts without a password
(www.independent.co.uk)
This is a most excellent place for technology news and articles.
So it is session hijacking, something that has been known for a while?
The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).
Yes, if by for a while you mean 25 years or so.