Google on Tuesday revealed that it stored some of its G Suite business customers’ passwords in a readable, unencrypted format.
“We discovered that starting in January 2019 we had inadvertently stored a subset of unhashed passwords in our secure encrypted infrastructure,” the company said on its blog.
No ad to show here.
The unhashed passwords were not scrambled, and were stored as plain text for two weeks.
The company also discovered that it was previously storing G Suite passwords since 2005, due to an “error” in the way it handled administrative access.
“The tool (located in the admin console) allowed administrators to upload or manually set user passwords for their company’s users. The intent was to help them with onboarding new users,” Google explained.
According to Google there was no “improper access to or misuse” of the passwords, and the issues have been resolved.
The company also noted that they have informed all affected customers, who were advised to change their passwords.
“Out of an abundance of caution, we will reset accounts that have not done so themselves,” the company said.
Feature image: Shereesa Moodley/Memeburn