Google on Wednesday extended an apology to its G Suite customers after revealing that it had stored the passwords of some enterprise users in plaintext for quite a long time. Storing passwords without cryptographic hashing exposes them to compromise, because anyone who can reach the stored values can read them.
The issue has been around since 2005 and Google, in an announcement, said it is working with enterprise administrators to ensure that the users reset their passwords.
“We recently informed a subset of our enterprise G Suite clients that few passwords were stored in our encrypted internal systems unhashed.
“This is a G Suite issue that influences business users just — no free purchaser Google accounts were affected,” said Suzanne Frey, Vice President, Engineering, Cloud Trust at Google, adding that the company had satisfied neither its own principles nor those of its customers.
“We apologize to our clients and will do better,” she added.
If you have a Google account, Google’s core sign-in framework is designed not to know your password.
When you set your password, rather than remembering the exact characters of the password, the company scrambles it with a “hash function”, so it becomes something like “72i32hedgqw23328”, and that is what is stored with your username.
“Both are then additionally encrypted before being saved to disk. The next time you attempt to sign in, we again scramble your password the same way. If it matches the stored string, then you probably typed the correct password, so your sign-in can proceed,” explained Frey.
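The hash-then-compare scheme described above, as an added example that is not Google's code. The article does not name the hash function, so scrypt with a per-user random salt and the `scrypt$salt$digest` record layout are assumptions, the extra at-rest encryption is left out, and `find_unhashed` is a hypothetical audit helper that flags values stored without hashing.

```python
import hashlib
import hmac
import os

# Assumed for this example (not from the article): scrypt cost settings
# and a "scrypt$<salt hex>$<digest hex>" record layout.
N, R, P, DKLEN, SALT_LEN = 2**14, 8, 1, 32, 16


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, dklen=DKLEN)


def make_record(password: str) -> str:
    """Set-password path: keep only a salted hash, never the characters."""
    salt = os.urandom(SALT_LEN)
    return "scrypt${}${}".format(salt.hex(), _derive(password, salt).hex())


def is_hashed(record: str) -> bool:
    """True only if the stored value has the expected hashed layout."""
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False
    try:
        salt, digest = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return False
    return len(salt) == SALT_LEN and len(digest) == DKLEN


def verify(password: str, record: str) -> bool:
    """Sign-in path: hash the attempt the same way and compare."""
    if not is_hashed(record):
        return False  # never compare an attempt against an unhashed value
    _, salt_hex, digest_hex = record.split("$")
    attempt = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(attempt, bytes.fromhex(digest_hex))


def find_unhashed(store: dict) -> list:
    """Audit: usernames whose stored value is not a hashed record."""
    return sorted(user for user, rec in store.items() if not is_hashed(rec))
```

Running `find_unhashed` over a credential store returns the accounts whose passwords need to be reset and re-stored through `make_record`.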
In its enterprise product G Suite, Google discovered that some passwords were stored unhashed in plaintext.
“To be clear, these passwords stayed in our safe encrypted infrastructure. This problem has been fixed and we have seen no proof of improper access to or abuse of the affected passwords,” Google claimed.
Google said it has told G Suite administrators to change the impacted passwords.
Twitter recently prompted all of its 330 million users to change their passwords owing to a breach.
In March, Facebook revealed it had fixed a security issue in which a huge number of its users’ passwords were stored in plain text in a “readable” format for quite a while and, as per reports, were searchable by thousands of its employees.
After admitting it “unintentionally” uploaded emails of nearly 1.5 million new users, Facebook later revealed that a large number of Instagram passwords were also stored on its servers in a readable format.