Passwords have been kept by Google as text from 2005 to January 2019, according to the company’s announcement on Wednesday. This problem only affected some customers using the G Suite service.
Normally, companies store their users’ passwords in encrypted form, which prevents hackers from reading them if they access the database.
Password encryption also prevents companies that store them, such as Google, from being able to access them.
No undue access detected
Google explains on its website (New Window) that it offers G Suite account administrators (a set of tools for businesses) the ability to create new user account passwords for themselves and the users. recover if they forgot them. This allowed new employees to quickly access their Google account.
However, by creating this feature, Google made a mistake: when a user tried to recover his password, it appeared in the administrator console in unencrypted form.
The US giant says that passwords in text form were kept in a system that was encrypted, and no undue access to passwords was detected.
Another mistake again affecting G Suite customers was also noted in January 2019. This bug also ensured that plain text passwords were kept in an encrypted system, this time never more than 14 times. days. Google has not found any trace of intrusion related to this flaw.
Both errors have been corrected by Google, which ensures continue investigation to confirm beyond doubt that these are isolated incidents.
Affected G Suite account administrators have been contacted by Google in recent weeks. The accounts concerned have been restored as a precautionary measure.
River Knicks is just getting his start as a journalist. River attended a technical school while still in high school where he learned a variety of skills, from photography to coding. Apart from being a contributor to the site, River also helps keep Nebula Electronics up and running, he also keeps our social media feeds up-to-date.