In a post at her blog today, Google has revealed that it recently discovered an error that affects some users of G Suite. The company revealed that it stored G Suite user passwords in plain text.
The passwords have been stored since 2005, but Google says they have not been intercepted. But the company like additional measure reset any potentially affected passwords and notified G Suite administrators of the issue.
G Suite is an enterprise service version of Gmail and other Google apps, and apparently the bug was caused by a feature designed specifically for businesses.
Initially, it was possible for the administrator of each company to manually set user passwords
For example, before a new employee came, and they created his own mail under the company's domain, the console managements stored passwords in plain text instead of encrypting them. But Google has long since removed this feature from administrators.
Google's post tries to explain how encryption works, presumably to make sure everyone understood how important encryption is. better safety for the company.
He says that although the passwords were stored in plain text, they were stored on Google's servers, which the company says are secure.
The company did not disclose the number of users affected and simply states "a subset of G Suite corporate customers" - probably meaning anyone using G Suite in 2005. Google says it has not been able to find any evidence that passwords have been leaked, but it is not entirely clear who could have accessed this data.
The company says:
We take the security of our customers seriously and are proud to promote account security best practices. We apologize to our users and we will do better.
________________________
- Windows 10 May 2019 ISO Update download the final version
- Phishing: how it stops with mechanical learning
- Tails Project: Tails 3.14 ISO download before official release