The company informed via email the account managers affected by the security error, that in some cases the passwords had not been hashed. Hashing is a security practice that protects credentials by using an encryption algorithm.
Google is trying to persuade users that the bug was only about the business version of G Suite and did not affect other consumers, and also stated that there were no signs of password abuse and that the passwords were encrypted.
There are essentially two security issues in the case. The first is about a G Suite feature available from 2005, which allowed administrators to set G Suite users' passwords through the Google Account's admin console. However, although it is designed to help new employees in a business to set their passwords and connect, they do not apply practice hashing to these codes.
The second problem is to record some user passwords on platforms and to maintain these credentials for about 14 days each time again without hashing. This practice began in January of this year, during attempts by Google employees to face problems of the connection system and has stopped.
Representative of the company said that both of these problems have been resolved.
The hashing process is applied so that if someone illegally invades a sever, they can not get the people sign-in credentials: passwords are encrypted in such a way that malicious agents can not understand who the prototypes are and they can not use to connect to other services or platforms.
In this case the codes were not hadhed, so they were vulnerable if a competent hacker or even an employee of the company was trying to intercept them.
From today, Google will start changing passwords for affected accounts that have not changed.