G Suite users were taken aback yesterday when Google disclosed that it stored some passwords for Enterprise G Suite users in plain text for 14 years.
In a blog post, the search giant mentioned that the passwords were encrypted but not hashed, which means that Google employees had complete access to them. However, the company says that there is no evidence that passwords were illegally accessed by anyone or misused.
This issue has only affected business G Suite users and free consumer Google accounts were not affected, said Google. The fiasco happened 14 years ago when Google implemented the functionality to recover passwords in G Suite accounts. At that time, the admin console of enterprise accounts stored a copy of unhashed passwords.
The blog post read: “To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
Google has already notified all the affected Enterprise G Suite accounts. If the affected users fail to reset the password, Google will reset the account on the users’ behalf as a precautionary measure.
The entire issue highlights the importance of multifactor authentication and why users must deploy it to secure their accounts.