Google admits to saving G Suite passwords in plaintext since 2005, admins advised to reset passwords

In this day and age of rapid information sharing, it seems like we come across news of a password breach or leak every other day. It was recently revealed that personal and public data of millions of Instagram influencers was being hosted on an unsecured server with open access. Google has now disclosed a G Suite issue that affected business customers: their account credentials were saved in plaintext. The company says that passwords of a “subset of our enterprise G Suite customer” were stored in plaintext in its internal encrypted systems. Google says that it has been conducting an internal investigation and has not come across evidence that the passwords were misused.

The problem is said to arise from tools for G Suite admins that enabled them to set and recover passwords. The company says it made a mistake when the feature was being implemented in 2005, as the admin console saved an unhashed or unencrypted copy of passwords. While the tool and its associated password recovery functionality no longer exist, Google discovered that starting January 2019, it had "inadvertently stored a subset of unhashed passwords" in its secure encrypted infrastructure. These credentials were reportedly stored in Google’s system for 14 days.

Google says that the problem has been fixed and they have notified G Suite admins to change the impacted passwords. It will also reset accounts of users who have not changed their passwords themselves. "We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better," says Google's VP of engineering Cloud Trust, Suzanne Frey.

This news comes soon after TechCrunch reported that a Mumbai-based social media marketing firm called Chtrbox was leaking Instagram users’ data. The firm is said to have had an unprotected database that hosted data of millions of Instagram influencers, including their names, account status, phone numbers and more. The database is said to be offline now, but the firm has not said how it obtained private data of Instagram users.



from suyesh tech tips