22 May 19, 12:16
Quote:Google on Tuesday said that some passwords for its G Suite customers were stored in an unhashed format since 2005.
“We are writing to inform you that due to legacy functionality that enabled customer Domain Admins to view passwords, some of your users’ passwords were stored in our encrypted systems in an unhashed format,” an email notice to G Suite administrators reads. “This primarily impacted system generated or admin generated passwords intended for one-time use.”
Suzanne Frey, a VP of Engineering at Google responsible for security, privacy, compliance and trust for Google Cloud, said in a blog post that it's consumer Gmail accounts were not affected, but did not say how many G Suite Enterprise accounts were impacted.
"We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password," Frey said. "This practice did not live up to our standards. To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords."
SOURCE: https://www.securityweek.com/google-warn...d-unhashed