Google stored unhashed G Suite passwords

Due to an error dating back to 2005, Google stored G Suite customers’ passwords on its servers in plain text, the firm wrote in a blog post. Free Google emails were not affected by this issue.

The company usually hashes customers' passwords so that it does not have access to them. However, when rolling out a toolset that allowed domain administrators to set and recover user passwords, Google made an error. For that reason, a copy of the unhashed password was stored by the admin console.

Moreover, when troubleshooting sign-in flows in January this year, Google discovered that they "had inadvertently stored a subset of unhashed passwords in our secure encrypted infrastructure” for up to 14 days.  

Both issues have since been fixed. According to Google, an investigation did not provide any evidence of “improper access to or misuse of the affected G Suite credentials.”

Users of affected emails have been urged to change the passwords for security reasons.