In a post at her blog today, Google revealed that it recently discovered a bug that affects some users of G Suite. The company revealed that it was storing G Suite user passwords in plain text.
The passwords have been stored since 2005, but Google says they have not been intercepted. But the company is resetting the codes as an additional measure access potentially affected and notified G Suite administrators of the issue.
G Suite is a corporate version of Gmail and other Google applications, and apparently the error came from a business-specific feature.
Initially, it was possible for the administrator of each company to manually set user passwords
For example, before a new employee came, and they made his own mail under the company domain, the management console stored the passwords in plain text instead of encrypting them. But Google has long since removed this feature from administrators.
Google's post tries to explain how it works encryption, presumably to make sure everyone understood how important security is to the company.
He says that although the passwords were stored in plain text, they were stored on Google's servers, which the company says are secure.
The company did not disclose the number of users affected and simply states "a subset of G Suite corporate customers" - probably meaning anyone using G Suite in 2005. Google says it has not been able to find any evidence that passwords have been leaked, but it is not entirely clear who could have accessed this data.
The company says:
We take the security of our customers seriously and pride ourselves on promoting best practices for account security. We apologize to our users and will better.
________________________
- Windows 10 May 2019 ISO Update download the final version
- Phishing: how it stops with mechanical learning
- Tails Project: Tails 3.14 ISO download before official release