[clnq]

I know a company that once worked on an unannounced product, X, a few years ago. At the time, you could Google "who made X," and Google would correctly show you that company. It was a start-up size business using GSuite, so far too unlikely to be a lucky guess by Google.

This caused no damage as the public needed to know what X was to Google it, and it was unannounced. But it was suspicious. Either Google was scanning GSuite Gmail or Drive accounts, or perhaps someone stored a document on or sent an email to a personal Google account with some keywords. How these things happen is always very opaque with companies like Google.

[zeven7]

Our maybe an internal page was accidentally externally accessible, someone internal visited it in Chrome, and the URL got added to the list of things to scrape.

[erosenbe0]

I've see this without Gsuite vector. Could be employees logged in to personal device and leaking through those interactions. Or email to external investors, consultants, or contractors? Send something out to your external translation or localization team, ad agency, or copy editor? Difficult not to have some leakage.

[clnq]

All of these could be true. However, the start-up was using GSuite a lot. It constituted about 90% of the company's interactions with Google. It's impossible to certainly know what happened since Google can't be asked where it got its data.