Discovering the Google’s password gap not encrypted in the past 14 years30/05/2019
After Twitter and Facebook, Google becomes the next large company to make mistakes in users’ password storage. After 14 years of storing in the text form, G suite users’ password is fixed now.
In a post uploaded to the Google Blog, this technology firm admitted that they had incidentally stored passwords of some enterprise using G Suite wrongly in the form of the original text. That means their passwords were stored in a clear copy, and any Google’s Staffs who were able to access to the server could see these password.
G Suite (whose name before was Google Apps for Work), is a software product based on the cloud foundation which was designed for enterprises with a service of storing email. In other word, G Suite is a business version of the Apps provided by Google.
The critical thing is that this gap has been existing since 2005 and was discovered 14 years later. Specifically, this gap was caused by the administrator of the enterprise resetting the users’ password manually. After that, the control panel of the administrator would store the new passwords of the staffs in the form of original text instead of encoding them.
Now, Google has fixed this problem and claimed that up to now, there has not been any evidence shown that this gap has been exploited or fallen into wrong hands. Google also stated that this error just affected customers using G Suite for enterprise App and not any of free Google accounts affected
In the blog, Google did not reveal the number of accounts affected by this gap but with more than 5 million enterprise customers using G Suite, this error could affect a large number of customers and any customers having used G Suite in the last 14 years could become a victim.
This is not the first time the big technology companies have made mistakes in storing users’ passwords. In early 2018, Twitter recommended more than 330 million users to change their password as they were stored in the form that was not encoded. Recently in this March, Facebook admitted storing more than 600 million users’ password in the original text form and more than 20 thousand staffs of the company could read them.
The email with weak security will cause serious consequences, not only damaging the finance but also affecting badly to the business brand. Investing smartly in the business email system is the best thing to protect the business, prevent the unexpected attack from the hacker.
Vnetwork Joint Stock Company
+84 28 7306 8789
Need more information?