In a recent blog post, Google said it has discovered a bug that may have caused the passwords of some G Suite users to be stored in plain text. The bug has been present on the company's servers since 2005. The company also said it has found no evidence that the passwords were improperly accessed.
Under Google's policy, all passwords must be stored as cryptographic hashes to keep them secure. Until recently, however, the company believes the passwords of a subset of enterprise G Suite customers were stored unhashed in its encrypted internal systems. Only G Suite business accounts are affected; no free consumer Google accounts are affected by this bug.
Later in the blog post, Google describes how the G Suite sign-in system works for customers. Google's core sign-in system is designed so that it never knows your password. Because it does not keep the password itself, it uses cryptography to check the password when you sign in again. When you set a password, the system scrambles it and stores the scrambled value with your username. When you later log in with the same username and password, the password you enter is scrambled again in the same way and the result is checked against the stored value; if they match, you are logged in to the account.
For G Suite accounts, a tool for setting and recovering passwords was said to be a very commonly requested feature. The tool allows a company's administrators to upload or manually set passwords for the company's users.
Recently, however, the company discovered an issue affecting G Suite enterprise accounts. It admitted that it made a mistake when implementing this functionality in 2005: the admin tool stored a copy of the password in unhashed form. The company added that the stored passwords remained within its secure encrypted infrastructure. The issue has now been fixed, and there is no evidence that the unhashed passwords were misused in any way by anyone.
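The difference between the hashed sign-in record and a record that also keeps an unhashed copy can be shown in a short added example. It is not Google's code: the function names, the `copy` field, the `keep_copy` switch and the sample accounts are assumptions constructed for illustration, and PBKDF2 stands in for whatever hashing scheme Google uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)


def hash_password(password, salt=None):
    """Build the record a sign-in system stores: a salt and a hash, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record, attempt):
    """Scramble the attempt the same way and compare with the stored hash in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def admin_set_password(store, user, password, keep_copy=False):
    """Hypothetical admin path. keep_copy=True models the flaw: an unhashed copy kept beside the hash."""
    record = hash_password(password)
    if keep_copy:
        record["copy"] = password  # the mistake: the password itself is retained
    store[user] = record


def audit(store, allowed=frozenset({"salt", "hash"})):
    """Return the users whose record holds any field other than the salt and the hash."""
    return sorted(user for user, rec in store.items() if set(rec) - allowed)


if __name__ == "__main__":
    store = {}  # constructed sample accounts
    admin_set_password(store, "alice", "correct horse battery")
    admin_set_password(store, "bob", "hunter2", keep_copy=True)
    print("alice signs in:", verify(store["alice"], "correct horse battery"))
    print("records with unhashed data:", audit(store))
```

Both accounts can sign in normally, which is why a retained copy like this goes unnoticed until the stored records themselves are inspected.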
In addition, the company troubleshot new G Suite customer sign-up flows dating from January 2019. It said that a subset of unhashed passwords had been stored in its encrypted infrastructure, for a maximum of 14 days. That issue has also been fixed, with no evidence of improper access to or misuse of the affected passwords.
