As the conversation around cybersecurity and privacy continues to spiral out of control, tech giants seem to be eager to add more oil to the fire. This time, it’s Google dropping the ball.
In the recent blog post, tech specialists from the company admitted that they have been storing passwords of their users as plain text. “Mistakes like that happen!” some may say. Yes, we witnessed several problems with password management from big tech companies, but Google has been storing passwords like that for over 14 years.
A simple bug in the code made passwords available to any Google employee who had access to the storage. About two decades ago, the issue was less scandalous as Google users didn’t have much personal information attached to their profiles. Today, sensitive credentials, financial information, and private data could be compromised is an untrustworthy Google employee obtained passwords.
In addition, Google engineers reported that they stored some passwords of G Suite users unhashed meaning that all passwords were unprotected. These passwords were stored for 14 days during which Google did not detect any misuse of passwords or suspicious activities on relevant accounts. Google warned its users and suggested them changing passwords.
Both bugs have been identified and removed. The team at the company works on ensuring that there no other problems in relation to password management. However, the blog post is yet another episode in a seemingly unending string of problems related to cybersecurity and privacy. Google, Twitter, Amazon, and Facebook had demonstrated that their level of responsibility is unsatisfyingly low.
As for those who are afraid that their passwords were compromised, change all your passwords, use a password manager, and make sure that use unique combinations of letters, numbers, and symbols. It is a good idea to change all your passwords if you don’t rely on two-factor authentication and use similar passwords for different services.