Hackers are always at ease in breaking the single verification system.So Google started the 2 way verification system to provide extra layer of security to keep hackers at bay.Even the extra verification system couldn’t stop the hackers from bypassing the system. Thankfully, those hackers were the security experts from Duo Security ,who successfully showed the hack. Based on the previous work of Nikolay Elenkov, they demonstrated the verification bypass one can do by exploiting the ASP (Application-Specific Passwords).
The ASP is used by applications to access the account than the actual password.Suppose, ASP is created for one application ,the same ASP can be used for other applications .So ASP for chat application can be used for checking your emails and calendar details.But for now changes has been made after it was reported to Google. So users like me and you can relax for now till someone hits the Google security.