The search Giant Google has disclosed that a small number of it’s enterprise customers “mistakenly” had their passwords stored in Plain-text.
Google announced on Tuesday via their blog post.They revealed that the G-Suite platform mistakenly stored unhashed passwords of some of it’s enterprise users in plaintext for 14 years.
“We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards. To be clear, these passwords remained in our secure encrypted infrastructure.”
According to Google,the issues has been fixed and there is no evidence of improper access to the password or misuse of affected passwords.
“This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
G Suite which was formerly known as Google Apps,is a collection of cloud computing productivity and collaboration tools that is designed for cooperate users with email hosting for their business.
Google becomes the latest company to have admitted storing sensitive data in plaintext in the past year. Facebook announced in March that “hundreds of millions” of Facebook and Instagram passwords were stored in plaintext. Twitter and GitHub also admitted similar security lapses last year.
It has been verified that Google has indeed sent Notification to affected customers.According to the notification. Starting from Wednesday May 22, 2019 they will enforce a password change unless it has been changed prior to the time.
Notification sent to Affected Users
Google also stated their new Password Update Methodology in the notification sent to affected customers.