G Suite Passwords Stored in Plaintext Since 2005

Google revealed Wednesday that had stored passwords to G Suite enterprise accounts in plaintext. Since 2005.

G Suite Customers Only Affected

In a blog post, the company’s Vice President Engineering, Cloud Trust, Suzanne Frey wrote that issue related to since disbanded functionality that “allowed administrators to upload or manually set user passwords for their company’s users.”

We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards.

Ms. Frey insisted that the G Suitepasswords remained in Google’s secure encrypted infrastructure. She added that the company had fixed the issue and there was no evidence of improper access to or misuse of the data. It is important to emphasize that this issue affected G Suite accounts.  No free, @gmail.com accounts were compromised.  “No free consumer Google accounts were affected,” wrote Ms. Frey.

The blog post explained that G Suite administrators had recently been contacted, administrators. This included admins here at TMO:

Facebook previously admitted a similar issue to G Suite on both its main service and Instagram.

Furthermore, Ms. Frey admitted that in January the company found that “we had inadvertently stored a subset of unhashed passwords in our secure encrypted infrastructure. “

Share this post