Google exposes G Suite issue that stored plain-text passwords on its servers for 14 years Credit: GoogleSupplied Art
Business Management

Google exposes G Suite issue that stored plain-text passwords on its servers for 14 years

Google has begun forcing “a subset of our enterprise G Suite customers” to change their passwords after an issue that inadvertently left passwords exposed for more than a decade.

In a post to its Google Cloud blog Tuesday, the company outlined an error made back in 2005 that stored a copy of actual user passwords rather than the usual scrambled “hashed” version, thus making it possible for an outside attack to gain access to usable passwords. Google explains that the issue has been fixed and the company has “seen no evidence of improper access to or misuse of the affected passwords.”

Google says the passwords were still stored on its “secure encrypted infrastructure,” so the likelihood of an outside attack was low.

Google blames a legacy feature set for the issue. Back in 2005, G Suite domain administrators were given the ability to set and recover passwords on the client side for their own users, so they needed access to unhashed passwords. Google has since jettisoned this functionality and requires all G Suite passwords to be reset rather than recovered, just like Gmail.

Additionally, Google unearthed a separate issue that started in January that also led to unhashed passwords being stored for up to 14 days. Like the other issue, Google has fixed the problem and hasn’t found any evidence of “improper access to or misuse of the affected password.” 

As a result, Google is informing all affected clients to change impacted passwords and will reset any that aren’t manually changed. Google apologized for the issue and promised it “will do better” in the future.

While this particular issue doesn’t affect Gmail users (outside of G Suite subscribers), it drives home the need to use strong, unique passwords for every critical site and service you use. If you aren’t using a password manager yet, you should be. Our roundup of the best password managers can get you on the right track if you need help selecting one.

PREVIOUS ARTICLE

« What the Huawei-Google spat means for you

NEXT ARTICLE

10 lesser-known Apple Maps features you should check out »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Poll

Do you think your smartphone is making you a workaholic?