Wednesday, May 22, 2019

Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years (GOOG, GOOGL) - Pulse Nigeria


  • “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

  • The implementation error causing the issue happened 2005 and according to TechCrunch, wasn’t discovered until April of this year.

  • Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding the number of improperly stored passwords.

  • The company said “we have seen no evidence of improper access to or misuse of the affected passwords.”

  • Visit Business Insider’s homepage for more stories.

An undisclosed number of Google enterprise users have had their passwords stored in plaintext on the tech giant’s internal systems for over a decade, according to a corporate blog post on Tuesday.


“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.


Google said the issue stemmed from giving account administrators for instance, a company’s head of IT the ability to manually set passwords for employees say, on an someone’s first day. But back in 2005, an error was made, Google said, and the admin portal ended up storing unhashed copies of passwords on the tech giant’s encrypted servers. In other words, for the past 14 years, some G Suite users have had their corporate passwords stored in such a way that would have been readable by authorized personnel, like account administrators or certain Google employees.


Google first found the issue this April and said it has since been fixed. In its blog post Tuesday, Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding that number.


This February, Google announced that its G Suite platform which includes apps like Gmail, Docs, and Hangouts has over 5 million paying businesses .


“To be clear, these passwords remained in our secure encrypted infrastructure,” Frey wrote. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”


Google said G Suite administrators have been notified and that it will update passwords that have not already been changed. It also said that none of its free consumer accounts were included in the mishap.


With Tuesday’s news, Google joins other tech giants most notably Facebook that have struggled to keep user passwords and other data safe and secured. In March, Facebook admitted to storing hundreds of millions of user passwords in plaintext for years, available to be seen by any of its 20,000 employees.


NOW WATCH: 9 simple ways to protect your data that don’t take much time, but could have huge security benefits


See Also:


  • Facebook’s CTO is so shaken by the scope of the social network’s problems that it has made him cry

  • Auth0, a cybersecurity software company started by a Microsoft veteran, scooped up $103 million and says its valuation doubled to over $1 billion in just 12 months

  • Facebook has finally revealed what its secretive robotics division is working on, and it could spark competition with rivals like Google and Apple

SEE ALSO: Google has more control over Android than we realize, and right now, companies like Huawei have no other choice but to accept that



Read More from Source



Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years (GOOG, GOOGL) - Pulse Nigeria
Previous Post
Next Post

About Author

0 Comments: