wordpress blog stats
Connect with us

Hi, what are you looking for?

Google stored some G Suite passwords in plain text for 14 years

Google recently discovered a bug which led to the passwords of some G Suite users being stored in plain text on its servers, the company said in a blogpost today. The bug had been around since 2005. Though Google said there was no evidence anyone’s password was improperly accessed or misused, “14 years is a long time for sensitive data to hang around unnoticed”, as Wired put it. Google said the issue was restricted to users of its G Suite apps for businesses and that no free Google accounts were affected. It clarified that the plain text passwords had been stored on its own encrypted servers and not the open Internet, and said it was working with enterprise administrators to ensure that their users reset their passwords.

Bug in password (re)setting feature for administrators: The issue came about because of a feature in G Suite that let administrators upload or manually set user passwords for users, to help them with on-boarding employees and for account recovery. Google said it made an error when implementing this feature back in 2005, which caused the admin console stored a copy of the plaintext password. “The functionality to recover passwords this way no longer exists,” Google said.

How has Google responded? The company said it recently notified G Suite administrators and asked them to change the impacted passwords. “Out of an abundance of caution, we will reset accounts that have not done so themselves,” Google said.

Password blunders: Facebook, Instagram and Twitter

A report in March revealed that the passwords of hundreds of millions of Facebook users and tens of thousands of Instagram users were stored in plain text and searchable by thousands of Facebook employees for years. Facebook said in response that it was probing a series of security failures that allowed employees to build applications that logged unencrypted passwords and stored them in plain text on internal company servers. In April, the company clarified that millions, and not “tens of thousands” of Instagram passwords had been stored this way, per The Verge.

Last May, Twitter told its more than 330 million users to change their passwords after it discovered a glitch that caused some passwords to be stored in plain text on its internal systems. Twitter said the bug caused an issue in the hashing process that masks passwords, and led to passwords being saved in plain text to an internal log.

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ