Google admits that it has left some G Suite passwords that have been stored in plain text for 14 years

Google admits that it has left some G Suite passwords that are stored in legible text and can be searched by employees for 14 years

  • Google discovered that some user passwords have been stored in plain text for 14 years
  • The problem only affects G Suite customers, a Google product for companies
  • The company said it was not proof of & # 39; improper use & # 39; has seen since it was discovered

Google said it accidentally left the passwords of some business customers on its servers for 14 years.

A & # 39; small percentage of G Suite users & # 39; was struck by a bug in his system, meaning that their passwords were stored in plain text, giving some Google employees unfiltered access to the data, according to Wired.

G Suite is a business-focused product that offers bundled access to Google services such as Gmail, Google Drive, Calendar, and other business functions.

The incident comes not long after fellow tech giants Facebook and Twitter announced their own privacy slip-ups, discovering that some passwords were stored in plain text.

Scroll down for video

A & # 39; small percentage of G Suite users & # 39; was struck by a bug in his system, which meant that their passwords were stored in plain text, giving some Google employees unfiltered access to the data

A & # 39; small percentage of G Suite users & # 39; was struck by a bug in his system, which meant that their passwords were stored in plain text, giving some Google employees unfiltered access to the data

WHAT SHOULD YOU DO NOW?

Google said the company has already started reporting companies affected by the problem.

The company said it will also reset all affected passwords that have not been changed & out of an abundance of caution & # 39 ;.

Google has recommended users to use two-factor verification to add an extra layer of security to their accounts.

The company said it provides G Suite administrators with security keys that can prevent bad actors from hacking your account if they don't have access to the physical key.

Since the error only affects G Suite users, it means that consumers do not have to worry that their account will be affected by the problem.

Google reports that the company has informed G Suite customers that some of their passwords are stored in plain text.

& # 39; We have conducted a thorough investigation and found no evidence of inappropriate access to or misuse of the relevant G Suite login information & # 39 ;, said Suzanne Frey, vice president of engineering at Google & # 39; s Cloud Trust.

Typically, Google stores user passwords by hashing them, converting your password into any string of characters.

Every time someone logs in, Google verifies that his password is correct by comparing his hashed password with that on his servers. When it is determined that it is an agreement, they can continue to log in.

As part of G Suite, domain administrators had the ability to set and recover passwords, which proved to be useful when boarding new users.

However, Google discovered that an error in the Admin Console meant that users' passwords were not saved.

Although the passwords were in plain text, Frey said they remained in our secure encrypted infrastructure. & # 39;

The issue affects G Suite users, a business product that offers bundled access to Google services such as Gmail, Google Drive, Calendar, and other business features

The issue affects G Suite users, a business product that offers bundled access to Google services such as Gmail, Google Drive, Calendar, and other business features

The issue affects G Suite users, a business product that offers bundled access to Google services such as Gmail, Google Drive, Calendar, and other business features

The passwords have been stored in the administrator console since 2005, the company said.

Google has since removed this feature.

The company also made a separate discovery that early January a & # 39; subset & # 39; had been stored in the encrypted infrastructure.

This subset of passwords is stored in legible text for 14 days, Frey explains.

& # 39; This issue has been resolved and we have again not seen any evidence of incorrect access to or misuse of the affected passwords & # 39 ;, she added.

Frey added that Google will continue to investigate the incident to ensure that it is an isolated event.

& # 39; Here we have not met our own standards and those of our customers & she said. & # 39; We apologize to our users and it will do better. & # 39;

.