When storing passwords, companies will encrypt them in some way so that they’re secure. Apparently, that isn’t the case for Google, who recently discovered a bug that left some users unprotected.
On Tuesday, Google published a blog post disclosing that a portion of its G Suite users had their passwords left in plain text. The bug started around 2005, but Google says it hasn’t seen any sign of improper access or misuse of the affected passwords.
“We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security,” Suzanne Frey, Vice President of Engineering, wrote. “Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.”
G Suite is the corporate version of Gmail and other Google apps. This issue does not impact any regular Gmail accounts.
The bug was implemented when Google created tools to set and recover passwords for G Suite accounts specifically.
“The functionality to recover passwords this way no longer exists,” according to the blog post.
Google says it has notified G Suite administrators to change the affected passwords. If accounts fail to do so themselves, Google says the company will reset their passwords.
Google’s recent incident marks the second time that a company has admitted to storing passwords in plain text this year. In March, Facebook confirmed that it had stored “hundreds of millions” of Facebook and Instagram passwords in plain text.