I followed the news of these attacks with a lot of interest starting on Jan 3rd, and have done some digging back to see what else people had been saying prior to disclosure.
The embargo was officially broken on Jan. 3rd by this post from Google, followed shortly by a bundle of technical details in their Project Zero post.
In that first link they justify breaking the embargo by saying: "We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."
There were a number of reports that an aware observer could have picked up on prior to that date. The biggest "smoking gun" for a speculative execution exploit (that I'm aware of) was made when an AMD developer submitted a Linux patch on Dec. 26th, which is linked in the article you provide. To my knowledge that's the first time a public report directly connected speculative memory references to a possible attack and patchset. Prior to this an article at LWN on Dec. 20th suggested that the page table isolation patchest was really addressing a deeper security flaw, but no specific reference to speculative execution being the source of the problem.
People really started to pay attention on Dec. 28th-29th after the page table isolation patches were merged into the kernel by Linus. A change of this magnitude usually takes a lot longer to be applied to the mainline kernel, so this essentially announced to the world that there was indeed an embargoed vulnerability.
The internet started blowing up on Dec 30th and Jan 1st. grsecurity on Twitter was convinced that there was an embargo at least as early as the 28th, and on the 30th observed to the world that there were missing source code comments in the Linux patchset. python sweetness on Tumblr accurately predicted on Jan 1st that it was a hardware-based vulnerability in x86 that could do unprivileged memory reads, and speculated about the possible hypervisor attack based on the presence of employees of Amazon and Google being looped in.
Then, of course, the Register published their piece on Jan 2nd and the entire world was looped in. That article referenced AMD's Dec 26th patch and connected speculative execution to the undisclosed vulnerability.
There has been growing interest in the security research community about the vulnerability of modern microarchitectures. The Spectre paper cites no less than 12 other works about leaking data from inside the processor or L1 cache, and recent work from 2016 about exploiting branch predictors to bypass address space randomization arguably laid the foundations for Spectre. Anders Fogh's blog outlined some basic techniques for the attacks at the end of last July but reported a negative result. If you throw Fogh in there, that's three separate groups independently finding and reporting these specific vulnerabilities inside a single year.
The Spectre vulnerability in particular is a really big deal, meaning that they're going to be talking about it for a long-long-long time to come. My guess is that part of the desire to disclose early was to make sure they claim credit where it was due. Imagine if you were sitting on a game-changing vulnerability. You know that at least one other group has already independently discovered your vulnerability, and if you're up to date on your blogs you know that Fogh has been investigating the same. A sudden bout of press activity spooks you into thinking that a fourth person has discovered and was about to disclose the same vulnerability you'd been sitting on for a year!
What specifically caused Google's team to break the embargo we won't know. The Register's article is the obvious candidate, but the cat was really out of the bag once the page table isolation patches started moving in early December.