Facebook isn’t the only big tech company found to be storing passwords in plain text. Google has warned G Suite users that an “error” in a password recovery implementation left some of their passwords unhashed on its internal systems since 2005 until that method was discontinued.
Other plain passwords had been temporarily stored since January 2019, Google said. All those systems were encrypted, and there was “no evidence” that someone had misused the info, but it still raised the possibility that an intruder could have direct access to logins if they cracked the encryption.
The company isn’t taking any chances despite the lack of known breaches. It’s asking G Suite administrators to change passwords, and it’s automatically resetting passwords for those who do nothing. Consumer Google accounts aren’t affected by the flawed approach.