To say that our online data is secure on any website on the internet is a mere hoax. However, companies have at least developed an interest in the recent past in taking more control on the security of their user’s data, that’s not the case for Mark Zuckerberg and his Facebook as we all know.
For websites to secure passwords, they usual encrypt the passwords using a cryptographic hashing technology for security reasons. Cryptography helps in masking user passwords making them unreadable by an attacker even if they gain access to the website’s data.
In a recent report, Google has admitted that they stored passwords for a subset of G-Suite users in plaintext. Plaintext passwords mean that if the data falls in the wrong hands, they will straight away know the usable password of any user.
The company in the Google Cloud blog on Tuesday reported that they made a mistake back in 2005 by storing a copy of plaintext passwords for a subset of G-Suite users. Additionally, they affirmed that there hasn’t been found any instance in which the plaintext passwords stored were accessed by wrong hands as they were stored securely in their secure encrypted infrastructure.
The error was blamed on a feature in the past that gave system administrators mandate to assign new users passwords and also help users recover their old passwords. Google reported that back then password recovery was a frequently requested feature by G-Suite users. And thus for this feature to work, it required that administrators have access to the plaintext passwords.
However, Google has assured it’s G-Suite users that the feature is no longer existent. Instead, Google requires that user account passwords be reset rather than recovered, a similar case for regular Gmail users. All the affected users have already been notified by the company to forcefully change their passwords.
For regular Google users, you don’t have to worry about a thing.