Google says it stored some G Suite passwords in plain text for 14 years

Google says it stored some G Suite passwords in plain text for 14 years

This issue is linked with G Suite users only while free consumer Google accounts remained unharmed.

A couple of days ago it was reported that Google has been using Gmail to secretly store its users’ purchase history for years. Now, the company has revealed that its team recently discovered a bug due to which some of its enterprise G Suite customers got their passwords stored in plaintext or unhashed but encrypted format for approx. 14 years.


See: Misconfigured Google Groups Settings Leaking Sensitive Data


Google explained in its official blog post published Tuesday that this issue is linked with G Suite users only while free consumer Google accounts remained unharmed. According to Google’s Suzanne Frey:



“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed. We are working with enterprise administrators to ensure that their users reset their passwords.”


This is definitely nothing short of a security lapse from Google and for such a long time the company remained unaware that such sensitive data was stored in the unhashed form. In fact, even now Google cannot accurately specify the number of customers affected by this bug. However, Google has affirmed that there is no evidence of unauthorized access so far.


It is worth noting that tech companies like Google use a hashing algorithm for passwords that scramble them so that humans aren’t able to read them. G Suite admins can manually upload, edit, and recover new user passwords specifically for enterprise users to help them add passwords of new employ ..