Google Admit Security Breach Resulted In Passwords Being Stored In Plain Text For FOURTEEN YEARS!
They’re the biggest brand name in the world and their name has become synonymous with all things tech, but even Google aren’t perfect – and the revelations their latest security breach has uncovered certainly proves that.
Of course, Google processes millions of pieces of customer data every day, and so their security procedures are usually vigorous and extensive; with teams of expert staff based in various sites across the globe backing up specialised software to safeguard everything and everyone who interacts with their facilities. A great deal of the information processed is passwords, and usually these are disguised using cryptography – a one-way coding system that hashes through them and renders them indecipherable to anyone who views them (if they make it that far!).
However, back in 2005, Google launched an update to G Suite services for Enterprise (Business) customers that allowed the administrators of domains to recover and set passwords, a feature requested by users to give them some autonomy over their own site’s users.
It has now been discovered, fourteen years later, that since this was introduced, the console within which the passwords were being entered was storing a copy of it – entirely un-encoded. Whilst only stored for 14 days at a time, this means that there were thousands of user passwords stored in plain text that could have been accessed by a third party.
Google have admitted the fault, have resolved it, and have confirmed that no untoward access was made to the inadvertently stored data. The identification of the issue also led to other such discoveries: including further G Suite password encryption flaws in sign-up flows.
Despite the quick rectification once the problem was finally found, for a security error like this to have been in place and undiscovered for so long is embarrassing; particularly for a firm of this size and stature! It’s a great example of even the most prepared and powerful of organisations being caught out by a simple error. It could have been easily avoided – and indeed Google are extremely lucky that the data was never accessed – but was instead left unchecked, likely through no fault of anyone that still works there.
Cybersecurity breaches, even like this instance where no malicious intent was ever uncovered or attempts made, can happen to any business, anywhere. To best protect your organisation, its customers and yourself against such issues, errors and threats, the best option is to involve the specialists from as early as possible in your IT protocol and processes. ON IT have teams of specially trained staff who are able to identify, prevent and resolve any such cybersecurity issues, as well as to return your services back to business-as-usual as quickly as possible in the event of any disruption. Prevention and protection come hand-in-hand with On IT, keeping you safe and secure no matter the circumstances.