[dunham]

It's plausible. I've personally seen phishing done via google docs. And, at one point, Oxford blocked google docs because of phishing. So phishing via docs is probably a common occurrence.

To combat this, I wouldn't be surprised if Google had software that tried to detect this (maybe look for spreadsheets of username/passwords), and shut down the accounts associated with it.

[bradleybuda]

Spreadsheets of usernames and passwords are very common - many companies use this to share access internally (not that that's a good idea, but that's a different topic). I've talked to dozens who haven't had their Google accounts shut down. I'd be truly surprised if this was the only reason for the ToS violation.

[epochwolf]

Extremely common. Everyone on my team has a spreadsheet full of usernames, passwords and API keys for test data.