Google says that there were a number of its enterprise customers since 2005 have had their Google G Suite passwords stored in plaintext.
G Suite, Google’s brand of cloud computing, software, productivity and collaboration tools has more than 5 million users as of February. Google said that it recently discovered the passwords for a “subset of enterprise G Suite customers” stored in plain text since 2005.
“This practice did not live up to our standards,” Suzanne Frey, VP of engineering for Google Cloud Trust, said in a post. “To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
Google said they also discovered a second security lapse earlier this month as they were troubleshooting new G Suite customer sign-ups. The company said since January it was improperly storing “a subset” of unhashed G Suite passwords on its internal systems for up to two weeks. Google said the systems were only accessible to a limited number of authorized Google staff, the company said.
“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords,” said Frey.
Google stated that it took proper steps and notified G Suite administrators to warn of the password security lapse, and will reset account passwords for those who have yet to change.