Google Apologizes For Saving Readable G-Suite Passwords For 14 Years

In another blow to its credibility and trust, Google on Tuesday apologized to its G Suite customers for storing passwords of some enterprise users in plain text for years.

G Suite provides a corporate version of Gmail email, spreadsheets and other apps. Google previously gave administrators the tools to set and recover passwords because that was a common feature request at the time. It was an easy way for companies to give new employee access to its enterprise suite of tools and to help them recover passwords. The function has since been removed.

“We made an error when implanting this function back in 2005,” wrote Suzanne Frey, VP of engineering, cloud trust at Google, in a blog post that explains how the admin console stored a copy of the unhashed password.



And while “the practice did not live up to our standards,” she wrote, "the passwords remained in Google’s “secure encrypted infrastructure.”

Frey also wrote that the team also discovered that beginning in January 2019 Google had unintentionally stored a subset of unhashed passwords in its secure encrypted infrastructure for a maximum of 14 days.

In both instances, the issues have been fixed and Google found no evidence of improper access to, or misuse of, the affected passwords.

“We apologize to our users and will do better,” Frey wrote.

Companies are trying to rebuild public trust after apologizing for a variety of mishaps. Survey results released by SAI Global, which focuses on risk management, identified a growing deficit in trust across global consumer groups driven by data privacy, traceability, and ethical and environmental practices.

The survey analyzes the consumer perceptions of brands, values and the positive or negative impact of security flaws. While the study focused more on consumers, and not enterprise customers, the results are eye-opening.

The findings from the 2019 SAI Global Trust Reputation Report, which focuses on consumer sentiment, suggests that data privacy is a main concern. Some 75% would accept a lower quality of product to increase data protection, and 65% view data privacy as the most important issue for any company.





Next story loading loading..