For some people it is not very clear how Google Sync really works and how to secure your data. And I have to agree that Google is not very clear on that. How is logging into Chrome different than from logging into your Google account? Well, it are two completely seperate things and you should not mix them. It is well known that you should not login into Chrome on a public or a shared computer. You should not sync your Google account if the underlying systems account is not 100% yours. Worse, if you use someone elses Chrome you should do that in an incognito session. In incognito no information of the session is saves, no history, no cookies, no passwords and no synchronisation to a Google account.
These journalists tested or reviewed a device with Chrome on it. The first one logged into Chrome and synced it to his Google account. When he was ready testing it he send it back or send it to the second journalist. It was not cleaned. The second journalist created a new user in Chrome, logged into Chrome to sync his account and deleted the first.
And that is where things went wrong. It seems that Google merges the sync data once you delete a user in Chrome. Is this a fault of Chrome? Maybe, but it is more a fault of the users. Never ever log into a computer that you do not entirely own. This is utterly wrong, but I agree that it is not very clear to Muggles. We have to educate them. And Chrome might be a littebit clearer on it.