Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Google Admits It Stored "Some" Passwords in Plain Text Since 2005

The AchieVer

By The AchieVer
in Security & Privacy News

Recommended Posts

The AchieVer

The AchieVer

Posted
Posted

Google Admits It Stored "Some" Passwords in Plain Text Since 2005 

Google revealed that an unspecified number of passwords of G Suite users were stored in plain text for many years.

 

Google revealed that an unspecified number of passwords of G Suite users were stored in plain text for many years.

 
At this point, you’re probably wondering what the heck is G Suite? And you would be right to do so. If you’re just a regular Google user, you have nothing to worry about because G Suite is a set of tools for companies that incorporates cloud computing, productivity, and collaboration software developed by Google.

In theory, the problem might not be all that significant, but we have to take a look at the context. It’s not that the passwords were stored in plain text, something that happened to other companies over the years; it’s that this problem has been around since 2005.A little too late to the partyThe phrase “we take security very seriously” is used way too often by companies after their data was compromised or after some security breach is discovered. Users are always being asked to change their passwords because companies don’t actually take security seriously, as Google claims.

“However, we recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed. This is a G Suite issue that affects business users only–no free consumer Google accounts were affected–and we are working with enterprise administrators to ensure that their users reset their passwords. We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse of the affected G Suite credentials,” says Google in an announcement.

There are a couple of problems from the start. Translated, Google says that only paying customers were affected, so people who use other free services are safe, as if this makes it better, somehow. Secondly, “we have seen no evidence of improper access” is not a guarantee. They can’t really tell users with 100% confidence that’s the case.

To make matters even worse, this problem was actually introduced by Google back in 2005, and it remained in place until 2019. While it’s good that they finally managed to find and fix this security problem, an obvious question remains. How many of these issues remain hidden in the dark because they weren’t discovered by Google just yet?
 
 
 
 

 

Link to comment
Share on other sites
  • Views 558
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...