Google recently discovered a bug which led to the passwords of some G Suite users being stored in plain text on its servers, the company said in a blogpost today. The bug had been around since 2005. Though Google said there was no evidence anyone’s password was improperly accessed or misused, “14 years is a long time for sensitive data to hang around unnoticed”, as Wired put it. Google said the issue was restricted to users of its G Suite apps for businesses and that no free Google accounts were affected. It clarified that the plain text passwords had been stored on its own encrypted servers and not the open Internet, and said it was working with enterprise administrators to ensure that their users reset their passwords. Bug in password (re)setting feature for administrators: The issue came about because of a feature in G Suite that let administrators upload or manually set user passwords for users, to help them with on-boarding employees and for account recovery. Google said it made an error when implementing this feature back in 2005, which caused the admin console stored a copy of the plaintext password. “The functionality to recover passwords this way no longer exists,” Google said. How has Google responded? The company said it recently notified G Suite administrators and asked them to change the impacted passwords. “Out of an abundance of caution, we will reset accounts that have not done so themselves,” Google said. Password blunders: Facebook, Instagram and Twitter A report in March…
