Google stored some users' passwords in plain text for years

Yolanda Curtis
May 23, 2019

The passwords were eventually encrypted when stored on disk, Google added, meaning that Google employees or intruders couldn't see or read the passwords in clear text.

Case in point: Google's announcement on Tuesday that it stored the passwords of some G Suite users in plain text from 2005 to 2019.

The bug revealed today was traced back to a tool built in 2005 that allowed administrators to set passwords for new employees. At that time, the admin console of enterprise accounts stored a copy of unhashed passwords.

This issue has only affected business G Suite users and free consumer Google accounts were not affected, said Google. That bug lasted more than the last 14 years, the company revealed in its blog post.

And Google reckons the whole situation isn't one to twist the knickers of G Suite users given all the plaintext passwords were kept on its infrastructure rather than an unsecured database.

Google discovered a separate bug from this January, which stored passwords in plaintext for up to two weeks.

Google said the issue only affected its business customers, so consumers shouldn't have to rush to change their passwords.

But Google also disclosed a second incident during which the G Suite platform had stored passwords without passing them through its regular password-hashing algorithm. Just like during the first incident, the passwords were eventually encrypted when saved to disk. "These passwords were stored for a maximum of 14 days", Suzanne Frey, VP of Engineering at Google, explained. However, the company says that there is no evidence that passwords were illegally accessed by anyone or misused.

The company said today it already notified G Suite administrators and told them to reset user passwords that had been set through the old G Suite tool.

"We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry's best practices for account security", said Google.

Other reports by iNewsToday