Several rumours from google sources that China accessed google's US-gov intercept system which provides gmail subjects/dates
This was my suspicion when I read that the attackers had accessed "subject lines" from emails but not the content. It sounds like they got access to a system designed for use by law enforcement when they have "trap and trace" authority but not a warrant. Personally, I think email subject lines are not "routing information" and should require a warrant, but the matter hasn't been litigated to my knowledge and of course, law enforcement disagrees.
This is somewhat relevant to my Blackhat DC talk on lawful intercept vulnerabilities, but of course even if this is true, a totally different technology was involved...