What you should do after a Google Docs Phishing attack?

If you got hit by the massive phishing attack on Google Docs that hit the internet on May 3, it takes phishing to a new level because it was coming from known contacts from you email list. It affected millions of users, since it seemed looked like a legitimate view shared document request.

But there were some dead give-aways, such as message going to hhhhhhhhhhhh?

For those who may have been tricked by the attack and clicked on the phishing link, the attacker potentially had access to the victims' Google accounts and contacts.

Google recommends that users visit https://myaccount.google.com/secureaccount and remove any apps they don't recognize.

Remove granted permissions to others, under Check your account permissions

Also when you are there if you scroll down to the bottom you see that google stores all your passwords to every site you save you passwords with. 

This is unusual since, these passwords generally should stay on your computer, but Google has decided them to put them in the cloud, for your convenience or an easy back door for Google? 

This is an invasion really of your privacy. It's unexpected browser behavior.
Your Save passwords for sites are stored in the Google Cloud!