wordpress blog stats
Connect with us

Hi, what are you looking for?

Google stored some G Suite passwords in plain text for 14 years

Google recently discovered a bug which led to the passwords of some G Suite users being stored in plain text on its servers, the company said in a blogpost today. The bug had been around since 2005. Though Google said there was no evidence anyone’s password was improperly accessed or misused, “14 years is a long time for sensitive data to hang around unnoticed”, as Wired put it. Google said the issue was restricted to users of its G Suite apps for businesses and that no free Google accounts were affected. It clarified that the plain text passwords had been stored on its own encrypted servers and not the open Internet, and said it was working with enterprise administrators to ensure that their users reset their passwords.

Bug in password (re)setting feature for administrators: The issue came about because of a feature in G Suite that let administrators upload or manually set user passwords for users, to help them with on-boarding employees and for account recovery. Google said it made an error when implementing this feature back in 2005, which caused the admin console stored a copy of the plaintext password. “The functionality to recover passwords this way no longer exists,” Google said.

How has Google responded? The company said it recently notified G Suite administrators and asked them to change the impacted passwords. “Out of an abundance of caution, we will reset accounts that have not done so themselves,” Google said.

Password blunders: Facebook, Instagram and Twitter

A report in March revealed that the passwords of hundreds of millions of Facebook users and tens of thousands of Instagram users were stored in plain text and searchable by thousands of Facebook employees for years. Facebook said in response that it was probing a series of security failures that allowed employees to build applications that logged unencrypted passwords and stored them in plain text on internal company servers. In April, the company clarified that millions, and not “tens of thousands” of Instagram passwords had been stored this way, per The Verge.

Last May, Twitter told its more than 330 million users to change their passwords after it discovered a glitch that caused some passwords to be stored in plain text on its internal systems. Twitter said the bug caused an issue in the hashing process that masks passwords, and led to passwords being saved in plain text to an internal log.

You May Also Like

News

The Bihar government has instructed its police departments to begin investigating criticism of the government, parliamentarians, legislators, and government officials, NDTV reported. The move...

News

Facebook’s Oversight Board will be reviewing, at Facebook’s referral, the decision to indefinitely suspend former US President Donald Trump’s from Facebook and Instagram. Trump’s accounts...

News

Google has signed a deal with news publishers in France to pay them for content appearing as preview snippets in search results, the company...

News

Digital sovereignty also involves the autonomy of Indians as far as ownership of that data is concerned, Ravi Shankar Prasad Union Minister for Electronics...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ