. home.aspx



Google Stored Plaintext Passwords Since 2005

May 22, 2019 / Cyber security news, cyber-attack news, data secur

Google has admitted that some of its enterprise customers’ passwords have been erroneously stored in plaintext, in a security issue dating back 14 years. The tech giant’s VP of engineering, Suzanne Frey, explained that the problem occurred when it introduced a new way for G Suite domain administrators to upload and manually set new passwords for their employees, to help with onboarding and account recovery. “We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards,” she added. “To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.” It’s unclear exactly how many users have been affected by this security snafu: Google would only say that it relates to a “subset of G Suite” customers. N...