Google has come out and revealed that it recently discovered a bug because of which passwords of some users were stored in plain text. The bug has been found to have been present since 2005 inside G Suite accounts and could have potentially allowed any Google employee to access your account through your login credentials.
The issue only seems to have affected for paid G Suite users and not free customers as the corporate version of Google apps had a feature which was designed especially for companies. Earlier, an administrator for a company had the rights to manually set user passwords and the admin console would store these passwords as plain texts which were supposed to be hashed before storing.
This is different from what Google uses today as it remembers characters from your password and associates a has function with your account username.
While Google didn’t reveal that extent of accounts that may have been affected, it did reveal that a few of their enterprise G Suite customers who used the service since 2005 could have been the victim.
Google Cloud Trust VP, Suzanne Frey had this to say “We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords. We will continue with our security audits to ensure this is an isolated incident”.
Google has also notified G Suite admins about the list of users who should set a new password.
This has been a long month of data breaches and security vulnerability which started with WhatsApp which was found to have attackers exploit users through its calling function. Yesterday, Instagram found itself under the same scrutiny after it was found to have leaked contactdetails of 49 million users including celebrities, brands and influencers.