Google Stored Passwords In An Unsecured Manner For 14 Years On G Suite
A Google Blog post disclosed a bug in the company’s G Suite platform that had caused a small portion of the user base to have their secure passwords being saved in a plain text format. The American tech giant reports that the bug has been in the system for the past fourteen years unchecked, although it claims that the bug has not been abused till now and that their investigation into the matter yielded no evidence that pointed towards unwarranted access. Google has reset any of the passwords that may have been affected by the bug. G Suite is the business/corporate version of Google’s Gmail and other Google related applications. Reportedly the bug was born out of a feature that was made specifically for companies, namely the Administrators to reset any user passwords or accounts for newly recruited employees. This process had the Admin console store the passwords in plain text instead of being encrypted. Google has since removed this function for Administrators.
Google thereon reassures how the unencrypted passwords were stored safely in the company’s own servers rather on the internet which is objectively easier to mediate. Google painstakingly explained the subtlety of cryptographic hashing to clear out all doubts surrounding the bug. Furthermore, all unchanged passwords will be reset automatically.
Google has a relatively good track record of detecting bugs and glitches in their system, but this bug points a finger towards a myriad of tech giants and social media companies as well such as Facebook which had also previously saved several hundreds of millions of passwords in plain text. It was accessible to its employees. Similarly, Twitter had also asked its entire user base to reset their passwords due to concerns regarding private data account access.
Along with the report of the bug and other technical jargon to it, Google also issued an official apology for this oversight and assured their users of their “industry leading” practices and control over the situation. Google concluded by explicitly stating the fact that the aforementioned bug went unchecked for 14 years was rather disconcerting to the company and equally disturbing for its users.