G Suite passwords stored in plain text for 14 years


G Suite which happens to be a Cloud Computing brand of productivity and collaboration tools of Alphabet Inc’s subsidiary Google has disclosed on Wednesday that a bug in its database caused the passwords to be stored in plain text for 14 years i.e. since 2005-6.

Thus, with the latest revelation, the web service giant happens to join the list of tech giants such as Instagram, Twitter, and Facebook which stored their user passwords in plain text for years.

Sources familiar with development say that the bug was identified in April this year after which the related security staff took appropriate measures to fix the vulnerability.

In general, Passwords are stored in the scrambled text using hashing algorithms so that it becomes hard for humans to read them. But due to the bug issue, G-suite left a portion of its user passwords in plain text for 14 years which might have exposed the passwords to hackers.

However, the company claims that there is no evidence that the passwords were accessed by cyber crooks or were misused or sold on the dark web as the database was secured with a two-point firewall.

As per the statistics provided by Stats Counter, there are over 5 million enterprise users using G-suite and an estimate provides that more than 2 million of them might have been affected by the bug.

Note 1 – G-Suite is an enterprise edition apps and services package which includes calendar, Docs, Meet, Gmail, Drive and other services related to business.

Note 2- In March this year, Facebook released an official statement that over a million passwords of its Instagram users were exposed in the plain text due to a bug in its database. Twitter and Github also admitted similar security lapses last year.

Meanwhile, Ireland’s Data Protection Commissioner of Europe has started an investigation on how the personal data of users is being handled by Google for the purpose of advertising- all a part of GDPR privacy law probe.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display