In a blog post today, Google disclosed that it recently discovered a bug that caused some portion of G Suite users to have their passwords stored in plain text. The bug has been around since 2005, though Google says that it can’t find any evidence that anybody’s password was improperly accessed. It’s resetting any passwords that might be affected and letting G Suite administrators know about the issue. G Suite is the corporate version of Gmail and Google’s other apps, and apparently the bug came about in this product because of a feature designed specifically for companies. Early on, it was possible for your company administrator for G Suite apps to set user passwords manually — say, before a new employee came on board — and if they did, the admin console would store those passwords in plain text instead of hashing them. Google has since removed that capability from administrators.
Read how Google stored some of its passwords in plain text for fourteen long years on the Verge.