Google stored unhashed G Suite passwords

Security • May 23, 2019, 7:35AM EDT

UPDATED: May 23, 2019, 7:10AM EDT

Due to an error dating back to 2005, Google stored G Suite customers’ passwords on its servers in plain text, the firm wrote in a blog post. Free Google emails were not affected by this issue.

The company usually hashes customers' passwords so that it does not have access to them. However, when rolling out a toolset that allowed domain administrators to set and recover user passwords, Google made an error. For that reason, a copy of the unhashed password was stored by the admin console.

Moreover, when troubleshooting sign-in flows in January this year, Google discovered that they "had inadvertently stored a subset of unhashed passwords in our secure encrypted infrastructure” for up to 14 days.

Both issues have since been fixed. According to Google, an investigation did not provide any evidence of “improper access to or misuse of the affected G Suite credentials.”

Users of affected emails have been urged to change the passwords for security reasons.

More by Carol Gaszcz

Scammers send emails impersonating FCA, offering 'guaranteed' cryptocurrency investment opportunity

July 23, 2019, 12:31PM EDT

Bitcoin

49% of Americans have a cash-back credit card, survey shows

July 23, 2019, 11:20AM EDT

The Block

Binance unveils spot copy trading feature in automated strategy tools expansion

ViaBTC auctions 'epic sat' after mining Bitcoin's halving block and holding back rewards

Citi-backed Talos acquires crypto risk management platform Cloudwall

Safe token trades at $2.8 billion FDV after becoming transferable

Crypto.com postpones South Korea launch following reported visit from local regulators

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro