Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years

An undisclosed number of Google enterprise users have had their passwords stored in plaintext on the tech giant’s internal systems for over a decade, according to a corporate blog post on Tuesday.

“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

Google said the issue stemmed from giving account administrators – for instance, a company’s head of IT – the ability to manually set passwords for employees – say, on an someone’s first day. But back in 2005, an error was made, Google said, and the admin portal ended up storing unhashed copies of passwords on the tech giant’s encrypted servers. In other words, for the past 14 years, some G Suite users have had their corporate passwords stored in such a way that would have been readable by authorized personnel, like account administrators or certain Google employees.

Google first found the issue this April and said it has since been fixed. In its blog post Tuesday, Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding that number.

This February, Google announced that its G Suite platform – which includes apps like Gmail, Docs, and Hangouts – has over 5 million paying businesses.

“To be clear, these passwords remained in our secure encrypted infrastructure,” Frey wrote. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google said G Suite administrators have been notified and that it will update passwords that have not already been changed. It also said that none of its free consumer accounts were included in the mishap.

Hi there,
I would like to enquire about your services.
Powered by