Infostealer malware on a victim's PC will grab saved browser passwords (including Gmail) and package them into a file. In some advanced persistent threats, the malware might upload that file to the attacker’s server. If the attacker’s server has directory listing enabled, the file becomes public.
: Many files found this way are old, fake, or contain non-functional credentials from past breaches. Malware Traps index-of-gmail-password-txt
When users enter this string into a search engine, they are looking for specific server vulnerabilities: Infostealer malware on a victim's PC will grab