Google typically stores its passwords in a cryptographically-scrambled hash. However, due to the bug, G Suite’s password recovery feature for administrators somehow allowed the passwords to be stored in the admin’s control panel. As of recently, Google has disabled the feature causing the security risk.
However, for a long time, the passwords were accessible to both authorized Google personnel and malicious hackers.
The plaintext bug is nothing new. In fact, Twitter and Facebook have both dealt with similar issues in the past year or so. However, Google is taking this a step further by auto-resetting passwords out of caution. So, kudos for taking that extra measure.
The trouble is, this bug has existed since at least 2005. Although the company claims the passwords were never compromised, 14 years is a long time for this to go under the radar.
If you’re a G Suite user, you should really add two-factor authentication and pray that your password was never compromised.
https://beincrypto.com/google-has-been-accidentally-storing-passwords-in-plaintext-since-2005/