News came out yesterday, May 21, that Google had stored passwords in plaintext.
DC919 received an email notification that 2 users had a password stored in plaintext. “Google Planned Action: for your security, starting tomorrow Wednesday May 22, 2019 PT we will force a password change unless it has already been changed prior to that time.”
Admin checked the 2 users, they had only basic email access and Last Sign In: “Hasn’t signed in” The passwords stored were Google’s own auto-generated passwords. Previous to today, admin had the option to view the auto-generated password for a user after reset. Today, this is no longer an option. DC919 always forced the user to change their password on first login. The 2 users have been suspended and the group members the accounts belonged to have been contacted.