Clicky

Some Google enterprise customers passwords were stored in plain text for 14 years

This time it's Google's turn to face criticism for its security practices.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

As the conversation around cybersecurity and privacy continues to spiral out of control, tech giants seem to be eager to add more oil to the fire. This time, it’s Google dropping the ball.

In the recent blog post, tech specialists from the company admitted that they have been storing passwords of their users as plain text. “Mistakes like that happen!” some may say. Yes, we witnessed several problems with password management from big tech companies, but Google has been storing passwords like that for over 14 years.

A simple bug in the code made passwords available to any Google employee who had access to the storage. About two decades ago, the issue was less scandalous as Google users didn’t have much personal information attached to their profiles. Today, sensitive credentials, financial information, and private data could be compromised is an untrustworthy Google employee obtained passwords.

In addition, Google engineers reported that they stored some passwords of G Suite users unhashed meaning that all passwords were unprotected. These passwords were stored for 14 days during which Google did not detect any misuse of passwords or suspicious activities on relevant accounts. Google warned its users and suggested them changing passwords.

Both bugs have been identified and removed. The team at the company works on ensuring that there no other problems in relation to password management. However, the blog post is yet another episode in a seemingly unending string of problems related to cybersecurity and privacy. Google, Twitter, Amazon, and Facebook had demonstrated that their level of responsibility is unsatisfyingly low.

As for those who are afraid that their passwords were compromised, change all your passwords, use a password manager, and make sure that use unique combinations of letters, numbers, and symbols. It is a good idea to change all your passwords if you don’t rely on two-factor authentication and use similar passwords for different services.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

Share