+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years

May 22, 2019, 04:35 IST

Google Cloud CEO Thomas Kurian at Google Cloud Next 2019Google

Advertisement
  • Google accidentally kept un-encrypted user passwords belonging to its enterprise customers on its internal servers for a period of more than a decade, the company revealed in a corporate blog post on Tuesday.
  • "We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed," Suzanne Frey, Google Cloud VP of Engineering wrote.
  • The implementation error causing the issue happened 2005 and according to TechCrunch, wasn't discovered until April of this year.
  • Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider's question regarding the number of improperly stored passwords.
  • The company said "we have seen no evidence of improper access to or misuse of the affected passwords."
  • Visit Business Insider's homepage for more stories.

An undisclosed number of Google enterprise users have had their passwords stored in plaintext on the tech giant's internal systems for over a decade, according to a corporate blog post on Tuesday.

"We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed," Suzanne Frey, Google Cloud VP of Engineering wrote.

Google said the issue stemmed from giving account administrators - for instance, a company's head of IT - the ability to manually set passwords for employees - say, on an someone's first day. But back in 2005, an error was made, Google said, and the admin portal ended up storing unhashed copies of passwords on the tech giant's encrypted servers. In other words, for the past 14 years, some G Suite users have had their corporate passwords stored in such a way that would have been readable by authorized personnel, like account administrators or certain Google employees.

Google first found the issue this April and said it has since been fixed. In its blog post Tuesday, Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider's question regarding that number.

Advertisement

This February, Google announced that its G Suite platform - which includes apps like Gmail, Docs, and Hangouts - has over 5 million paying businesses.

"To be clear, these passwords remained in our secure encrypted infrastructure," Frey wrote. "This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords."

Google said G Suite administrators have been notified and that it will update passwords that have not already been changed. It also said that none of its free consumer accounts were included in the mishap.

With Tuesday's news, Google joins other tech giants - most notably Facebook - that have struggled to keep user passwords and other data safe and secured. In March, Facebook admitted to storing hundreds of millions of user passwords in plaintext for years, available to be seen by any of its 20,000 employees.

NOW WATCH: 9 simple ways to protect your data that don't take much time, but could have huge security benefits

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article