fbpx
Engage Web logo - horizontal-resized

ENGAGEWEB

Unlocked

Google admits storing passwords in plain text for over 10 years

Unlocked

Google admits storing passwords in plain text for over 10 years

Search giant Google has recently disclosed that it has discovered an issue whereby a number of G Suite users have had their passwords being stored in plain text format.

According to the company, which announced the discovery in a blog post earlier this week, the problem has been around for over a decade, since 2005. However, Google does not believe that any of the passwords were inappropriately accessed after finding no evidence for this to be the case. As a result of the discovery, the company will be resetting any of the passwords that may have been compromised as well as informing G Suite administrators about the issue.

Google did not state how many passwords were being stored this way, but did say it has affected a subset of customers. This could presumably be anyone that was using the service back in 2005. Furthermore, whilst there was no evidence of malicious access, it is not clear as to who would have had access to these passwords in the first place.

G Suite is the company’s corporate version of Gmail and many other of its services, and it is believed that the error came about within this service because of a feature that was designed specifically for use by businesses.

Earlier in G Suite’s existence, users were able to manually set user passwords for their businesses in situations such as in readiness for a new employee starting, and once the password was set, the admin console would then store that password in plain text rather than hashing it. Since the discovery, Google has now removed that ability from administrators.

In the blog post, Google goes to great length to explain the ins and outs of cryptographic hashing and how it works, possibly in an effort to reassure users that the nuances around this bug have been cleared.

Although passwords were stored in plain text format, they were stored inside Google’s own servers, meaning that it would be harder to get to them than if they were stored on the open internet. While Google didn’t explicitly say this, it seems that the company wants to make sure this incident is not lumped into the same pile as other password bugs that were leaked after being stored online.

Google has issued an apology for this error, stating that it did not live up to its own standards, reiterating that it takes the security of its customers extremely seriously.

Alan Littler

Get in touch

Please enable JavaScript in your browser to complete this form.

What is 7+4?

Acceptance

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

>

Book a consultation with Engage Web

Book a consultation with Engage Web

Sorry to interrupt, but would you like to download our FREE Social Media Calendars?

Social Media Calendar Product Mock Up for web

 You can use them to plan your social media and content in advance, saving you time and getting better results. When you use our social media calendars, you'll always know what's trending and what to post about for your business.

FREE DOWNLOAD