Google Stored Passwords in Plaintext For 14 Years

upnorth

Oops, Google said on Tuesday: you know that domain administrator’s tool to reset passwords in the G Suite enterprise product? The one we implemented back in 2005, as in, 14 years ago?

We goofed, Google said. The company’s been storing copies of unhashed passwords – as in, plaintext, unencrypted passwords – all this time. From a blog post written by Google vice president of engineering Suzanne Frey:

“We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards.”

Only a small number of enterprise customers were affected, she said, though Google hasn’t put a number on it. People using the free, consumer version weren’t affected. Google’s notified a subset of its enterprise G Suite customers that some of their passwords were stored in plaintext in its encrypted internal systems.

Frey said that no harm came of it, as far as Google can ascertain, and it’s since been fixed:

“To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Sorry, Google said: we’ll try to ensure this is an isolated incident. That presumably means “isolated” as in “it only happened twice.”