Google has stored unencrypted passwords for 14 years

Passwords have been kept by Google as text from 2005 to January 2019, according to the company’s announcement on Wednesday. This problem only affected some customers using the G Suite service.

Normally, companies store their users’ passwords in encrypted form, which prevents hackers from reading them if they access the database.

Password encryption also prevents companies that store them, such as Google, from being able to access them.

No undue access detected

Google explains on its website (New Window) that it offers G Suite account administrators (a set of tools for businesses) the ability to create new user account passwords for themselves and the users. recover if they forgot them. This allowed new employees to quickly access their Google account.

However, by creating this feature, Google made a mistake: when a user tried to recover his password, it appeared in the administrator console in unencrypted form.

The US giant says that passwords in text form were kept in a system that was encrypted, and no undue access to passwords was detected.

Another mistake again affecting G Suite customers was also noted in January 2019. This bug also ensured that plain text passwords were kept in an encrypted system, this time never more than 14 times. days. Google has not found any trace of intrusion related to this flaw.

Fixed issues

Both errors have been corrected by Google, which ensures continue investigation to confirm beyond doubt that these are isolated incidents.

Affected G Suite account administrators have been contacted by Google in recent weeks. The accounts concerned have been restored as a precautionary measure.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.