Rabu, 22 Mei 2019

Google stored some users' passwords in plain text for years - Mashable

Google inadvertently stored enterprise passwords in plain text.
Google inadvertently stored enterprise passwords in plain text.
Image: Chesnot/Getty Images

Google has revealed it had left some business users' passwords exposed in plain text.

In a blog post on Tuesday, the tech giant said it had discovered the issue in Google's popular enterprise product, G Suite, back in January. 

When stored in a system, passwords are cryptographically hashed — scrambled into a random-looking assortment of numbers — which make it near-impossible to try and guess what it is. 

The bug, which had existed since 2005, stored an unhashed, plain text copy of the password in G Suite's administration console. The console had allowed administrators to reset a password for a user, in case they forgot it, but Google said the function no longer exists.

"This practice did not live up to our standards," Suzanne Frey, Google's VP of engineering, Cloud trust, said in the blog post.

"To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords."

Google didn't reveal how many users were impacted by the bug, but the issue only affects users of G Suite, and does not impact people who use Google's free consumer accounts.

The company said it has contacted G Suite administrators to change those impacted passwords, and has reset passwords for those users who have not done so already.

While Google's security issue arguably pales in comparison, it comes after millions of passwords were discovered stored in plain text by Facebook back in March.

Uploads%252fvideo uploaders%252fdistribution thumb%252fimage%252f91439%252f180f02c1 002b 433e b985 f757d1ce94b9.jpg%252foriginal.jpg?signature=kt2za5xrtsw9c jcmew715n hvq=&source=https%3a%2f%2fblueprint api production.s3.amazonaws

Let's block ads! (Why?)


https://mashable.com/article/google-plaintext-password-enterprise/

2019-05-22 04:29:00Z
52780301224427

Tidak ada komentar:

Posting Komentar