Google stored G Suite passwords in plain text for 14 years

Submitted by naomi on Thu, 05/23/2019 - 13:33

Google announced this week that some of its G Suite customers had their passwords stored on its systems in plaintext… for 14 years. Oops. G Suite is a business version of popular Google apps like Hangouts, Drive, Docs, and Gmail. There are around five million customers, but the tech giant declined to give exact numbers on how many accounts were affected.

Google vice president of engineering Suzanne Frey wrote in a blog this week: “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed.”

Passwords are typically scrambled using a hashing algorithm so they cannot be read by humans. G Suite administrators can manually upload, set and recover new user passwords for customers. Google realized in April that the way G Suite implemented password setting and recovery for some customers from 2005 was faulty, and a copy of the password was stored in plaintext. The feature has been removed.
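To make the difference concrete, here is an added example (not Google's code, and not from the original post) of an admin "set password" path that stores only a salted hash, next to a faulty one that also keeps a readable copy, plus an audit check that flags such copies. The function names, the record layout, the `recovery_copy` field and the choice of scrypt are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example)
N, R, P, DKLEN = 2**14, 8, 1, 32

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)

def hash_password(password: str) -> dict:
    """Build the record to store: a random salt and the digest, never the password."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _scrypt(password, salt).hex()}

def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = _scrypt(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))

def admin_set_password_faulty(store: dict, user: str, password: str) -> None:
    """Faulty path: login uses the hash, but a readable copy is kept as well."""
    store[user] = {**hash_password(password), "recovery_copy": password}

def admin_set_password(store: dict, user: str, password: str) -> None:
    """Corrected path: only the salted hash is stored."""
    store[user] = hash_password(password)

def leaked_fields(record: dict) -> list:
    """Audit check: names of extra fields whose value verifies against the
    record's own hash, i.e. fields that hold the password unhashed."""
    return [
        name for name, value in record.items()
        if name not in ("salt", "hash")
        and isinstance(value, str)
        and verify_password(value, record)
    ]

if __name__ == "__main__":
    store = {}  # constructed sample data
    admin_set_password(store, "alice", "correct horse battery")
    admin_set_password_faulty(store, "bob", "hunter2!")
    for user, record in store.items():
        print(user, "plaintext copies in:", leaked_fields(record))
```
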

Google isn’t the only tech giant that’s been a bit rubbish at storing users’ passwords. In March this year, Facebook stored 600 million user passwords in plain text. Last month, Facebook was also caught storing millions of Instagram passwords in a readable format and asked users for their email passwords for “verification.”

If you are looking to protect your business with a truly secure solution, choose Fortress from NOS Microsystems. It is a tailor-made solution to fit the needs and particularities of individual enterprises. All data is secured with AES 256-bit encryption. Fortress is a powerful security tool that encrypts and protects your company database from cyber attack, hence protecting your business and client information. With Fortress, every single entry in your database is encrypted in real time. Access is done via a single sign-on (SSO) so only authorized people can view the data and would-be hackers would only be able to view encrypted junk.

