Bitten by bug: Google saved passwords of G Suite users in plain text

New Delhi | Published: May 22, 2019 7:31:16 PM

Google has claimed that it found no evidence of improper access to or misuse of the affected G Suite credentials.


Google said on Tuesday that it discovered a bug in its system that caused the passwords of some G Suite users to be stored in plain text, affecting business users. Google has claimed that it found no evidence of improper access to or misuse of the affected G Suite credentials. Nonetheless, the company has apologised for the data breach.

It has notified G Suite administrators to change the impacted passwords, and Google will itself reset accounts that have not done so.

Google’s core sign-in system is designed so that it does not know the user’s password. Though the passwords were stored in plain text on servers, they are scrambled in an encrypted format using cryptography, which is hard to unscramble, Google claimed. Google further explained in the post that it cannot retrieve a password at a user’s request. “If someone should obtain the scrambled password, they won’t be able to recover your real password,” it said.

With the detailed explanation, it seems that Google does not want people to count this as other plain text password problems where passwords have leaked out.

Google disclosed that the bug found its way into G Suite, the corporate version of Gmail and Google’s other apps, back in 2005, when it provided domain administrators with tools to set and recover passwords. The tool also allowed the administrators to upload or manually set passwords for their company’s users. The functionality to recover passwords this way no longer exists, Google said, adding that the practice did not live up to its standards.

“This issue has been fixed,” it said, adding that the tech giant will continue with security audits to ensure this is an isolated incident.

It also tendered an apology to its enterprise users for the breach of security. “We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better,” it said.
