Google reports that the passwords of some of its G Suite users are stored in plain text in its internal systems. According to the company, this is an error that can be traced back to 2005. There is no evidence that the situation has been abused.
Google says it’s a 2005 error when the admin console saved a copy of the unsecured password. “This practice does not meet our standards,” the company says. The passwords would have remained in a secure infrastructure with encryption, but without the application of hashing. “This issue has been resolved and we see no evidence of unusual access to or abuse of the affected passwords,” says Google. This concerns a small part of G Suite accounts; consumers are not affected. Google reports that it works with administrators to ensure that their users reset their passwords.
The company says it also discovered that in January 2019 some of the unprotected passwords were accidentally stored in a secure environment, where they would have been stored for up to fourteen days. This problem is also solved according to Google and in this case there would be no evidence of abuse. The internet giant says to regard this as an isolated incident.
This incident is related to the fact that domain managers were previously given tools to set and retrieve passwords. Google introduced this because it claimed to be a much-needed feature. The tool, which was located in the admin console , gave administrators the option of uploading passwords or setting them manually for the users of their company. The goal was to help them give their new account information to new users on the first few days. This functionality for recovering passwords no longer exists in this form.