Softpedia >News >Web / Internet Life
Softpedia Homepage   

Google Admits It Stored "Some" Passwords in Plain Text Since 2005

Only the G Suite users were affected by this problem

May 22, 2019 11:42 GMT  ·  By
G Suite
   G Suite

Google revealed that an unspecified number of passwords of G Suite users were stored in plain text for many years.

At this point, you’re probably wondering what the heck is G Suite? And you would be right to do so. If you’re just a regular Google user, you have nothing to worry about because G Suite is a set of tools for companies that incorporates cloud computing, productivity, and collaboration software developed by Google.

In theory, the problem might not be all that significant, but we have to take a look at the context. It’s not that the passwords were stored in plain text, something that happened to other companies over the years; it’s that this problem has been around since 2005.

A little too late to the party

The phrase “we take security very seriously” is used way too often by companies after their data was compromised or after some security breach is discovered. Users are always being asked to change their passwords because companies don’t actually take security seriously, as Google claims.

“However, we recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed. This is a G Suite issue that affects business users only–no free consumer Google accounts were affected–and we are working with enterprise administrators to ensure that their users reset their passwords. We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse of the affected G Suite credentials,” says Google in an announcement.

There are a couple of problems from the start. Translated, Google says that only paying customers were affected, so people who use other free services are safe, as if this makes it better, somehow. Secondly, “we have seen no evidence of improper access” is not a guarantee. They can’t really tell users with 100% confidence that’s the case.

To make matters even worse, this problem was actually introduced by Google back in 2005, and it remained in place until 2019. While it’s good that they finally managed to find and fix this security problem, an obvious question remains. How many of these issues remain hidden in the dark because they weren’t discovered by Google just yet?