Somebody found a flaw in the way gmail treats email addresses with “.” in the email address. To put it simply if my email address was james@gmail.com but somebody sends an email to j.ames@gmail.com. Gmail assumes it is for james@gmail.com and sends it to me. Even though the address is not mine. In other words gmail ignores periods in email addresses.
Why is this bad? Well it makes it easier to trick you into thinking you are getting a legitimate email from people and companies when in fact you might be getting setup for an attack. How would this attack work?
A hacker can sign up for common services like netflix, hulu or amazon prime and use the suspect version of your gmail address. From there when they are done signing up they can order products or services with a bogus credit card number and when it fails you (the one with a good gmail address) may get an invoice or request to update your credit card from these companies and you might assume it’s your normal bill and pay it.
This would then mean the hacker got you to pay for services because gmail assumed the bogus address was yours and you thought it was legit because it came from a service you use already.
How to protect yourself beside deleting your gmail accounts? Always check carefully where and email came from AND who it was addressed to. For any email asking for money or account information.