Google stored G Suite passwords in plain text for 14 years

Submitted by tess on Thu, 05/23/2019 - 13:33
May
23
Thu
password

Google announced this week that some of its G Suite customers had their passwords stored on its systems in plaintext… for 14 years. Oops. G Suite is a business version of popular Google apps like Hangouts, Drive, Docs, and Gmail. There are around five million customers., but the tech giant declined to give exact numbers on many accounts were affected.

Google vice president of engineering Suzanne Frey wrote in a blog this week: “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed.”

Passwords are typically scrambled using a hashing algorithm so they cannot be read by humans. G Suite administrators can manually upload, set and recover new user passwords for customers. Google realized  in April that the way G Suite implemented password setting and recovery for some customers from 2005 was faulty, and a copy of the password was stored in plaintext. The feature has been removed.

Google isn’t the only tech giant that’s been a bit rubbish at storing users passwords. In March this year, Facebook stored 600 million user passwords in plain text. Last month, Facebook was also caught storing millions of Instagram passwords in a readable format and asked users for their email’s passwords for “verification.”  

If you are looking to protect your business with a truly secure solution, chose Fortress from NOS Microsystems. It is a tailor-made solution to fit the needs and particularities of individual enterprises. All data is secured with AES 256-bit encryption. Fortress is a powerful security tool that encrypts and protects your company database from cyber attack, hence protecting your business and client information. With Fortress, every single entry in your database is encrypted in real time. Access is done via a single sign-on (SSO) so only authorized people can view the data and would-be hackers would only be able to view encrypted junk.


Twitshot

Privacy-Policy

NOS Microsystems Limited and certain of its subsidiary companies in Administration ("the Companies").

This website is provided by the Companies. The administrators act at all times as agents of the Companies without personal liability. The following disclaimer excludes or limits the liability of the Companies and their respective joint administrators (together "NOS Microsystems Ltd.") for this site to the fullest extent permitted by law. Please ensure that you read it carefully.

Every attempt has been made to ensure that the information contained in this website has been obtained from reliable sources. However, all information in this website is provided "as is" with no guarantees of completeness, accuracy or timeliness, unless otherwise stated within this site. In addition, please note that all information provided on this website is subject to change at any time, and NOS Microsystems Ltd. cannot guarantee that the information provided is the most current and up to date. You are advised to independently verify any information you may wish to rely on.

Anybody entering this site may connect to other websites maintained by third parties over whom NOS Microsystems Ltd. has no control. NOS Microsystems Ltd. makes no representations as to the accuracy or to any other aspects of information contained in other websites, and accepts no liability in respect of the same.

This website uses cookies that help the website to function and also to track how you interact with it. We will only use the cookies if you consent to it by clicking n Accept. You can also manage individual cookie preferences from Settings.

Preferences