Google Apologises for Saving Some G Suite Passwords in Plain Text for Over a Decade

Google said it has notified G Suite administrators to change the impacted passwords.

Advertisement
By Indo-Asian News Service | Updated: 22 May 2019 10:36 IST

Google on Wednesday extended an apology to its G Suite customers after revealing that it stored passwords of some enterprise users in plaintext for years.

Storing passwords without cryptographic hashes expose them to hacking risk as they become readable.

Advertisement

The issue has been around since 2005 and Google, in a statement, said it is working with enterprise administrators to ensure that the users reset their passwords.

"We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed.

Advertisement

"This is a G Suite issue that affects business users only -- no free consumer Google accounts were affected," said Suzanne Frey, Vice President, Engineering, Cloud Trust at Google, adding that the company neither lived up to its own standards nor those of its customers.

"We apologise to our users and will do better," she added.

Advertisement

If you have a Google account, Google's core sign-in system is designed not to know your password.

When you set your password, instead of remembering the exact characters of the password, the company scrambles it with a "hash function", so it becomes something like "72i32hedgqw23328", and that's what is stored with your username.

Advertisement

"Both are then also encrypted before being saved to disk. The next time you try to sign in, we again scramble your password the same way. If it matches the stored string then you must have typed the correct password, so your sign-in can proceed," explained Frey.

In its enterprise product G Suite, Google found that some passwords were stored unhashed in plaintext.

"To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords," Google claimed.

Google said it has notified G Suite administrators to change the impacted passwords.

Twitter recently advised all its 330 million users to change passwords owing to a breach.

Facebook in March revealed it fixed a security issue wherein millions of its users' passwords were stored in plain text and "readable" format for years and according to reports, were searchable by thousands of its employees.

After admitting it "unintentionally" uploaded emails of nearly 1.5 million of new users, Facebook later revealed that millions of Instagram passwords were also stored on its servers in a readable format.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Google, G Suite
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  2. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  3. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.