G Suite is an enterprise version of Gmail and other Google applications. Obviously, this vulnerability in G Suite stems from functions specifically addressed by the enterprise. At first, the company's G Suite application administrator could manually set user passwords -- for example, before a new employee enters office -- and if the administrator did so, the admin console would store the passwords in plain text rather than hash-encrypted storage. After that, Google removed the administrator function.
Google's post explains in detail how encrypted hashes work, as if to clarify the nuances associated with this vulnerability. Although passwords are stored in plaintext, they are at least stored in plaintext in Google.The serverAs a result, these plaintext passwords are more difficult to access than those stored on the open Internet. Although Google hasn't made it clear, it seems to be trying to convince people that this vulnerability is different from other leaked plaintext password issues.
In addition, Google did not specify how many users were affected by the vulnerability, but said that it affected "some of our corporate G Suite users" - estimated to be those who used G Suite in 2005. Although Google has not found any evidence of malicious use of this access right, we have no clear idea who has accessed these plaintext passwords.
The vulnerability has been fixed, and Google apologized at the end of the blog.