Jump to content
Sign in to follow this  
The AchieVer

Google Admits It Stored "Some" Passwords in Plain Text Since 2005

Recommended Posts

The AchieVer

Google Admits It Stored "Some" Passwords in Plain Text Since 2005 

Google revealed that an unspecified number of passwords of G Suite users were stored in plain text for many years.

 

Google revealed that an unspecified number of passwords of G Suite users were stored in plain text for many years.

 
At this point, you’re probably wondering what the heck is G Suite? And you would be right to do so. If you’re just a regular Google user, you have nothing to worry about because G Suite is a set of tools for companies that incorporates cloud computing, productivity, and collaboration software developed by Google.

In theory, the problem might not be all that significant, but we have to take a look at the context. It’s not that the passwords were stored in plain text, something that happened to other companies over the years; it’s that this problem has been around since 2005.A little too late to the partyThe phrase “we take security very seriously” is used way too often by companies after their data was compromised or after some security breach is discovered. Users are always being asked to change their passwords because companies don’t actually take security seriously, as Google claims.

“However, we recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed. This is a G Suite issue that affects business users only–no free consumer Google accounts were affected–and we are working with enterprise administrators to ensure that their users reset their passwords. We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse of the affected G Suite credentials,” says Google in an announcement.

There are a couple of problems from the start. Translated, Google says that only paying customers were affected, so people who use other free services are safe, as if this makes it better, somehow. Secondly, “we have seen no evidence of improper access” is not a guarantee. They can’t really tell users with 100% confidence that’s the case.

To make matters even worse, this problem was actually introduced by Google back in 2005, and it remained in place until 2019. While it’s good that they finally managed to find and fix this security problem, an obvious question remains. How many of these issues remain hidden in the dark because they weren’t discovered by Google just yet?
 
 
 
 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...