Menu
Google exposes G Suite issue that stored plain-text passwords on its servers for 15 years

Google exposes G Suite issue that stored plain-text passwords on its servers for 15 years

"We apologize to our users and will do better."

Credit: Google

Google has begun forcing “a subset of our enterprise G Suite customers” to change their passwords after an issue that inadvertently left passwords exposed for more than a decade.

In a post to its Google Cloud blog Tuesday, the company outlined an error made back in 2005 that stored a copy of actual user passwords rather than the usual scrambled “hashed” version, thus making it possible for an outside attack to gain access to usable passwords. Google explains that the issue has been fixed and the company has “seen no evidence of improper access to or misuse of the affected passwords.”

Google says the passwords were still stored on its “secure encrypted infrastructure,” so the likelihood of an outside attack was low.

Google blames a legacy feature set for the issue. Back in 2005, G Suite domain administrators were given the ability to set and recover passwords on the client side for their own users, so they needed access to unhashed passwords. Google has since jettisoned this functionality and requires all G Suite passwords to be reset rather than recovered, just like Gmail.

Additionally, Google unearthed a separate issue that started in January that also led to unhashed passwords being stored for up to 14 days. Like the other issue, Google has fixed the problem and hasn’t found any evidence of “improper access to or misuse of the affected password.” 

As a result, Google is informing all affected clients to change impacted passwords and will reset any that aren’t manually changed. Google apologized for the issue and promised it “will do better” in the future.

While this particular issue doesn’t affect Gmail users (outside of G Suite subscribers), it drives home the need to use strong, unique passwords for every critical site and service you use. If you aren’t using a password manager yet, you should be. Our roundup of the best password managers can get you on the right track if you need help selecting one.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments