Google Stored G Suite Passwords in Plain Text since 2005

G Suite Exposed Google announced it had stored G Suite enterprise users’ passwords in plain text since 2005 in a Google Cloud blog post. Google has notified the G suite administrators to change the impacted passwords. The company has reset the accounts of the affected, yet they have not specified how many users were affected. Below describes how it happened and what we recommend to secure your G Suite Enterprise accounts.

 

What Happened?

Google stores the passwords on a secure encrypted infrastructure as a scrambled hashed version. Storing passwords this way prevents access to useable passwords in the event anyone got access to them. Google administrators have a tool to upload or manually set user passwords for their company’s users. This tool is meant to help onboard new users and allow users to sign in with the provided temporary password. The G Suite admin onboarding a new user has an option to turn on, “change user password on next sign on.” From the time the temporary password is assigned to a new or active g-suite user that “temp password” was stored in plain text on Google’s servers. Only Google employees had access to view these temporary passwords stored in plain text according to their post.

Recommendations:

We recommend you enable “sign-in & recovery” to a phone number and recovery email. Also, consider setting up step up 2-step verification to sign in. This is the latest security issue from yet another big tech company. So as always we remind you to change your passwords and follow other digital security practices continually.

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00