In a post at her blog today, Google revealed that it recently discovered a bug that affects some users of G Suite. The company revealed that it was storing G Suite user passwords in plain text.
The passwords have been stored since 2005, but Google says they have not been tampered with. However, as an additional measure, the company restores the passwords that may be affected and informed the administrators of G Suite about the problem.
Η service G Suite is an enterprise version of Gmail and other Google applications, and apparently the bug arose from a feature designed specifically for businesses.
Initially, it was possible for the administrator of each company to manually set user passwords
For example, before a new employee came in, and they set up their own mail under the company domain, the management console stored passwords in plain text instead of encrypting them. Google, however, has for some time nowslowenable this feature by administrators.
Google's post tries to explain how it works encryption, presumably to make sure everyone understood how important security is to the company.
He says that although the passwords were stored in plain text, they were stored on Google's servers, which the company says are secure.
The company did not disclose the number of users affected and simply states "a subset of G Suite corporate customers" - probably meaning anyone using G Suite in 2005. Google says it has not been able to find any evidence that passwords have been leaked, but it is not entirely clear who could have accessed this data.
The company says:
We take the security of our customers seriously and are proud to promote account security best practices. We apologize to our users and we will do better.
________________________
- Windows 10 May 2019 ISO Update download the final version
- Phishing: how it stops with mechanical learning
- Tails Project: Tails 3.14 ISO download before official release