Google saved passwords of some users for 14 years in plain text

The US Internet giant Google has stored the passwords of certain customers without encryption on its servers for more than a decade. The company admitted the mistake yesterday and gave some initial details of how it happened.

As Google announced in a blog entry, over a period of 14 years the passwords of a limited number of corporate customers of its G Suite business services were stored in clear text on its own servers. Due to the lack of encryption, at least in theory, not only Google employees but also external attackers could have gained access to the respective user accounts.

No abuse, neither internal nor external
Suzanne Frey, Vice President of Engineering for the Google Cloud Trust team, said the problem affected business customers only. Anyone using the free Google services was not at risk. The case has been investigated extensively, and no evidence of unauthorized access or misuse of the affected G Suite credentials was found, Frey continued.

The cause was apparently a faulty implementation of a function that lets a company's administrator recover or set a password for G Suite users. Google implemented the feature in 2005 in response to demand from its customers. Because of the mistake made at that time, the G Suite Admin console stored the password in plain text.

According to Frey, access to the passwords by external attackers was unlikely: although they had been stored in plain text, they had been kept within Google's "secure, encrypted infrastructure". In a separate case, since January 2019 certain unhashed passwords have also been unintentionally stored on encrypted servers, but only for a period of 14 days in each case. Here too, Google has since fixed the error and found no abuse.
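
The flaw class described above (an administrator "set password" path that writes the clear text to storage) next to a corrected path and an audit that finds leftover unhashed entries, as an added example that is not from the article or from Google. The store layout, function names, record format and scrypt parameters are assumptions made for illustration.

```python
import hashlib, hmac, os, re

# Constructed illustration; store layout, function names and scrypt
# parameters are assumptions, not details from Google's report.
N, R, P = 2**14, 8, 1
RECORD = re.compile(r"scrypt\$\d+\$\d+\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}")

def hash_password(password: str) -> str:
    """Return a self-describing salted scrypt record; clear text is not kept."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    if not RECORD.fullmatch(record):
        return False  # plain-text or malformed entries never authenticate
    _, n, r, p, salt_hex, dk_hex = record.split("$")
    try:
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    except (ValueError, OverflowError):
        return False  # parameters rejected by scrypt
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def admin_set_password_flawed(store: dict, user: str, password: str) -> None:
    """Flaw class from the article: the admin path writes the clear text."""
    store[user] = password

def admin_set_password(store: dict, user: str, password: str) -> None:
    """Corrected admin path: only the salted hash reaches storage."""
    store[user] = hash_password(password)

def audit_plaintext(store: dict) -> list:
    """List users whose stored credential is not a well-formed hash record."""
    return sorted(u for u, rec in store.items() if not RECORD.fullmatch(rec))

if __name__ == "__main__":
    store = {}  # constructed sample data
    admin_set_password_flawed(store, "alice", "Spring2005!")
    admin_set_password(store, "bob", "correct horse battery")
    print("needs reset and re-hash:", audit_plaintext(store))
```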

Source: Google Blog
