News Google stored G-Suite users passwords in plaintext


Staff member
Feb 1, 2019
On May 20th, Google admited to store some of their G-Suite users passwords in plaintext since 2005. Even though they didn't explicitly said how many accounts were stored in that way, it's well known that G-Suite has more than 5 million enterprise costumers.

Google also stated that all passwords are encrypted using a hashing algorithm, but for making it easier to manually recover passwords por enterprise users, they improperly stored a copy of the password as plaintext in a file. Also, Google stated that earlier this month they discovered that they were storing by mistake in their servers, unencrypted passwords for up to two weeks. Both issues have been resolved after the statement and Suzanne Frey, Google vice president, said that there are no evidence of misuse of the affected passwords and that access to this files were restricted to very few Google staff.

Finally, She said that no consumer gmail accounts were compromised by this security lapse.

Google has join Facebook, Twitter and GitHub, companies that also admitted to store passwords in plaintext until recently.