submit@infiniteprivacy.com
Personal Privacy

Google Stored G Suite Users’ Passwords in Plaintext Since 2005

The Infinite Brief
Google revealed that its G Suite platform mistakenly stored unhashed passwords of some of its enterprise users on internal servers in plaintext for 14 years because of a bug in the password recovery feature.

The flaw, which has now been patched, resided in the password recovery mechanism for G Suite customers that allows enterprise administrators to upload or manually set passwords for any user of their domain without actually knowing their previous passwords in order to help businesses with on-boarding employees and for account recovery.

Google also says that the plain text passwords were stored not on the open Internet but on its own secure encrypted servers and that the company found no evidence of anyone’s password being improperly accessed.

Google also clarifies that the bug was restricted to users of its G Suite apps for businesses and that no free version of Google accounts like Gmail were affected.

Curated from The Hacker News

Leave a Response