In a blog post Tuesday, Google notified G Suite customers that some passwords were stored on its internal servers without any encryption -- meaning anyone who found them could read them in plain text. Suzanne Frey, Google Cloud Trust's vice president of engineering, said in the post that this bug affects only business users -- so if you're using Google for free, this doesn't affect you.
"We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse of the affected G Suite credentials," Google said.
Google is the latest tech giant to announce an issue with unhashed passwords stored on its internal servers.were stored on Facebook's internal servers, the social network said in March. In May 2018, Twitter also to be stored in plaintext.
Standard security practice is to encrypt passwords stored on internal servers, so employees can't see and potentially abuse those login credentials.
The G Suite bug affects only enterprise customers because back in 2005, administrators wanted tools to manually set and recover passwords. That tool stored a copy of the plaintext password, Google said. That bug lasted more than the last 14 years, the company revealed in its blog post.
Google discovered a separate bug from this January, which stored passwords in plaintext for up to two weeks. The company said it has notified admins who are affected by these security issues.