Those invitations were all tied to the inviter; all Google had to do was identify any single invitation or an account created with one and that would lead them directly to the employee misusing their invites.