Google logged some of G Suite users’ passwords in plain text

Google reports that some of its G Suite users’ passwords are stored in plain text on its internal systems. According to the company, it is an error that can be traced back to 2005. There would be no evidence that the situation was abused.

Google says it’s a 2005 bug when the admin console saved a copy of the unsecured password. “This practice does not meet our standards,” the company says. The passwords would have remained in a secure infrastructure with encryption, but without the use of hashing. “This issue has been resolved and we see no evidence of unusual access or misuse of the affected passwords,” Google said. It concerns a small part of G Suite accounts; consumers are not affected. Google reports that it is working with administrators to ensure that their users reset their passwords.

The company says it also found out that in January 2019, some of its unsecured passwords were accidentally stored in a secure environment, where they would have been stored for up to 14 days. This problem has also been resolved, according to Google and in this case, too, there would be no evidence of abuse. The internet giant says it considers this an isolated incident.

This occurrence is related to the fact that domain administrators were previously given tools to set and retrieve passwords. Google introduced this because it said it was a frequently requested feature. The tool, located in the admin console, gave administrators the ability to upload or manually set passwords for their company’s users. The goal was to help them give new users their account information right on the first days. This password recovery functionality no longer exists in this form.