On my blog about a recently discovered bug that resulted in some G Suite users' passwords being stored unencrypted inside plain text files. This bug has existed since 2005. However, Google claims that it cannot find any evidence that any of these passwords fell into the hands of attackers or were misused. However, the company will reset any passwords that may be affected and notify G Suite administrators of the issue.
G Suite is the enterprise version of Gmail and other Google apps, and the bug apparently occurred in this product due to a feature designed specifically for businesses. At the beginning of the service, a company administrator could use G Suite applications to set user passwords manually: say, before a new employee joined the system. If he used this option, the admin console would save such passwords as plain text instead of hashing them. Google later took away this ability from administrators, but passwords remained in text files.
In its post, Google takes pains to explain how cryptographic hashing works so that the nuances associated with the error are clear. Although the passwords were stored in clear text, they were on Google servers, so third parties could only gain access to them by hacking into the servers (unless they were Google employees).
Google didn't say how many users were potentially affected, other than to say it was a "subset of G Suite enterprise customers"—likely anyone who used G Suite in 2005. While Google could find no evidence that anyone used this access maliciously, it is not entirely clear who might have access to these text files.
In any case, the issue has now been fixed, and Google expressed regret in its post about the issue: “We take the security of our enterprise customers very seriously and are proud to promote industry-leading account security practices. In this case, we did not meet our standards or our clients' standards. We apologize to users and promise to do better in the future."
Source: 3dnews.ru