On May 21 (local time), Google reported that some G Suite user passwords were being stored as text without being encrypted. The target is mainly the G-suite that companies use and does not affect regular Google accounts. It is not clear how many users were specifically affected.
The problem of storing the text in plain text without encrypting it was recently discovered on Facebook, and last year it happened on Twitter. This text storage goes back to 2005. Google has released a tool in 2005 that allows G-Suite administration users to manually set and recover passwords. The bug in this process was that a copy of the unencrypted password was stored in the admin console. This tool is now unavailable.
Separately, it was discovered that in January, when a new user joined the G-Suite, he kept a plain text password for 14 days. No problems have been found to identify unauthorized access or abuse of bugs that have already been fixed. However, the target G Suite administrator is told to change the password. If you do not make changes, Google will initialize your account. In this case, it is an unavoidable problem for users, but using 2-step authentication such as security key can increase security even if password is exposed. For more information, please click here .