
Google Reveals That Some G Suite Passwords Were Stored In Plaintext Since 2005


Google, one of the world’s biggest enterprise software companies, recently reported that the passwords of many of its corporate customers were stored in a readable format. This opened them up to attacks from hackers and malicious parties.

However, Google also mentioned that only a subset of their G Suite customers were affected by this. Consumer, free Google accounts were not affected at all.

In addition, these passwords were not hashed, but were still stored in Google’s secure infrastructure for passwords. The plaintext passwords were stored for a maximum of 14 days.

This issue has been in the system since 2005 and was caused by a bug in one of the domain admin tools, the one used to reset passwords. The flaw occurred when a password was reset: the admin console stored a plaintext copy, and another copy ended up in Google’s infrastructure.

As one would guess, the plaintext password did not go through the hashing process that makes Google’s passwords secure. Google has ensured that the feature to recover lost passwords for G Suite customers no longer works this way.

The issue was discovered in January 2019 while Google was troubleshooting sign-up flows for G Suite implementations. Google’s sign-in procedure is multi-fold. Every entered password is run through a cryptographic hash function that scrambles its characters.

Upon an attempt to sign in to the account, the hash of the entered password is checked against the stored hash to grant access to the account. This keeps the system secure, while keeping the password almost impossible to decode.

If the passwords were stored in plain text instead, an attacker could easily gain the credentials to a vast array of accounts. Reversing a hash takes an unreasonable amount of compute and is not possible to carry out in time for an attack.
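The hash-and-compare sign-in described above, next to a reset path that leaves a readable copy behind, as an added example that is not Google's code. The function names, the `admin_console_copy` field, the in-memory `store` and the choice of PBKDF2-HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # illustrative work factor (assumption, not from the article)

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; this is the only form meant to be stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def reset_password_buggy(store: dict, user: str, new_password: str) -> None:
    """Reset path with the flaw the article describes: a readable copy is kept."""
    salt = os.urandom(16)
    store[user] = {
        "salt": salt,
        "hash": hash_password(new_password, salt),
        "admin_console_copy": new_password,  # hypothetical field: unhashed copy
    }

def reset_password_fixed(store: dict, user: str, new_password: str) -> None:
    """Corrected reset path: only the salt and the derived hash are stored."""
    salt = os.urandom(16)
    store[user] = {"salt": salt, "hash": hash_password(new_password, salt)}

def sign_in(store: dict, user: str, attempt: str) -> bool:
    """Hash the entered password and compare it with the stored hash."""
    record = store.get(user)
    if record is None:
        return False
    candidate = hash_password(attempt, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare

def readable_fields(record: dict, password: str) -> list:
    """Audit check: names of stored fields that contain the password verbatim."""
    needle = password.encode("utf-8")
    leaks = []
    for name, value in record.items():
        raw = value.encode("utf-8") if isinstance(value, str) else value
        if needle in raw:
            leaks.append(name)
    return leaks
```

Sign-in behaves identically on both reset paths, which is why a stray plaintext copy can go unnoticed unless the stored record itself is audited.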

The fact remains that even the plaintext passwords were stored behind many layers of security. This is the reason they were not found to be misused or accessed improperly in any way. The situation could have been worse in multiple ways. Even though this represents an incident that “did not live up to [Google’s] standards”, the passwords were not utilized to mount an attack.


Anirudh VK

I am an AI enthusiast and love keeping up with the latest events in the space. I love video games and pizza.