Google Plaintext Password Warning


Google announced today that they have accidentally stored user passwords unprotected in plaintext.

Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords in a cryptographic hash. However, a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of the admin console.

Google has disabled the features that contained the bug.

Google is in the process of notifying G Suite administrators, and says that it will also automatically reset any impacted passwords that haven't already been changed. The company discovered the bug in April.

Since all impacted passwords that haven't already been changed will be auto-reset by Google, you should focus on adding two-factor authentication to your G Suite account if you don't already have it—and maybe cross your fingers that these passwords went unnoticed for 14 years.

Leave a Reply