Google's Implementation Error Accidentally Stored Unhashed Password

An implementation error led Google to accidentally store unhashed passwords of some of its G suite users for almost 14 years.

Since 2005, Google has been storing passwords in the plain text following an error in the implementation of a feature which enables its users to set and recover passwords manually.

Addressing the issue in a security notice, Suzanne Frey, Vice President of engineering, Google stated “We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards. To be clear, these passwords remained in our secure encrypted infrastructure.”

In order to prevent this from happening, Google is currently working with G Suite administrators to ensure that their users' passwords are reset and also conducts a comprehensive investigation of the incident.

Following their preventive efforts, Google has confirmed that there has been no evidence of any improper access to or misuse of the impacted G Suite passwords. However, the issue has been fixed.

“We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better,” Frey stated to their users.