Google recently said that a small number of the enterprise customers had mistakenly stored passwords in plaintext on the Google systems. The leading search engine said on Tuesday that some of the enterprise customers were affected with exposure. A statement issued by the company said that We recently notified a subset of our enterprise G suite customers that some passwords were stored in our encrypted internal systems unhashed.
Passwords are usually scrambled using the hashing algorithm to prevent them from being read by humans. G suite admin can manually upload, set, and recover new user passwords for company users that assist the situations wherein new employees join the company. In the month of April, it found that password setting and recovery for its enterprise offering in 2005 was faulty and improperly stored a copy of the password in plaintext. Google, since the discovery Google, has removed the feature, no consumer account was affected by the lapse. Google Vice president said in a statement that to be clear, these passwords remained in secured encrypted infrastructure. The issue has been fixed, and we have seen no evidence of improper access or misuse of the affected passwords.
Google said that there are more than 5 million enterprise customers using the G suite. Google also discovered a second security lapse earlier this month when it was troubleshooting the new G suite customer signings. The company added that it was improperly storing a subset of passwords on to its internal systems for up to two weeks. The system in Google was, however accessible to only a limited number of staff members. Google has notified the G suite admin to warn them about the password security lapse and will be resetting the account passwords for those who are yet to change them. Google has been one of the most recent companies that have admitted about storing the data in plain text, earlier Facebook, Twitter, and GitHub had made the same lapse in security.
