When it comes to online accounts and the like, security is incredibly important. Which is why it’s crucial to have a strong password for each account.
Of course, that just goes out the window when the service stores your passwords completely unencrypted.
Google has apparently admitted to just this. The company disclosed this Tuesday that it had stored the passwords of a small number of enterprise customers in plaintext by accident. They didn’t however specify just how many customers the “small number” represented.
“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Google vice president of engineering Suzanne Frey said in an announcement.
Passwords are usually encrypted when being stored using something called a hashing algorithm. That makes them impossible for a human to read without decoding them first. In G Suite, administrators are able to manually upload, set, and recover passwords for users. This comes in handy when you forget your company account password for instance, so IT can get it.
However, in its 2005 offering, Google discovered G Suite was improperly implementing password setting and recovery, which means it was being stored in plaintext. The feature has since been removed.
“To be clear, these passwords remained in our secure encrypted infrastructure,” said Frey. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
If there was misuse, it could be for any of Google’s more than 5 million enterprise customers. And don’t worry, your regular personal Gmail account wasn’t affected by this.