Google stored some users' passwords in plain text

Google confirmed this function no longer exists


Tech Desk May 23, 2019
A man holds his smartphone which displays the Google home page, in this picture illustration taken in Bordeaux, Southwestern France, August 22, 2016. PHOTO: REUTERS

In a blog post on Tuesday, Google admitted the discovery of an issue in their popular enterprise product, G Suite, in January.

Cryptographically hashed passwords stored in a system are jumbled into a seemingly randomized combination of numbers in order to further conceal the passwords.

Google shuts down Google+ after mass data leak

This issue, having existed since 2005, resulted in the passwords being stored in an unscrambled, plain text copy in G Suite’s administration console. This console served the purpose of allowing administrators to reset a password for a user who may have forgotten theirs, but Google confirmed this function no longer exists.

"This practice did not live up to our standards," Suzanne Frey, Google's VP of engineering, Cloud trust, said in the blog post. "To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords."

Google moves to fix YouTube glitch exploited for child porn

Google claims to have contacted G Suite administrators to change those password affected and has reset passwords for users who have not manually already done so. Google has yet to reveal how many users were impacted by the bug, but it can be ensured that users of Google’s free consumer accounts are safe as the bug would only affect users of G Suite.

A similar yet much more unfavourable situation occurred back in March when it was discovered that Facebook had stored millions of passwords in plain text.

This article originally appeared on Mashable.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ