For years, Google has stored some passwords in plain text on its servers. The cause of this unfortunate situation? A flaw which Google unintentionally caused itself.
Only a small number of G Suite users are affected by this problem. Google did not want to give exact figures but insists that it is very small. The passwords would not have been recovered by anyone and the people who might be affected had their passwords reset.
The information comes from Google itself, for the sake of transparency it informed about the problem and gave some explanations. Google announced on its blog that some passwords stored on his servers were not encrypted. Worse still, this flaw has existed since 2004. The problem is now solved.
This was due to the functionality that allowed company managers to define their employees’ passwords themselves. The administration console then saved the passwords in plain text instead of encrypting them, but they were still stored on Google’s servers, so remained difficult for bad actors to access.
This story therefore joins the many other episodes in which passwords have played the main role in recent times. Facebook, renowned for its leakiness, is of course one of them.