Tech & Science : Google stored some passwords in plain text for fourteen years - PressFrom - Australia
  •   
  •   

Tech & Science Google stored some passwords in plain text for fourteen years

04:11  22 may  2019
04:11  22 may  2019 Source:   theverge.com

Your most sensitive data is likely exposed online. These people try to find it

Your most sensitive data is likely exposed online. These people try to find it Don’t worry. They want it to be safe.

passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text

Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected.

Google stored some passwords in plain text for fourteen years© Illustration by Alex Castro / The Verge

In a blog post today, Google disclosed that it recently discovered a bug that caused some portion of G Suite users to have their passwords stored in plain text.

The bug has been around since 2005, though Google says that it can’t find any evidence that anybody’s password was improperly accessed.

It’s resetting any passwords that might be affected and letting G Suite administrators know about the issue.

G Suite is the corporate version of Gmail and Google’s other apps, and apparently the bug came about in this product because of a feature designed specifically for companies.

Google’s combining all its travel planning features under a tool called Trips

Google’s combining all its travel planning features under a tool called Trips Not to be confused with Google Trips, its offline travel app

Google 's free service instantly translates words, phrases, and web pages between English and over 100 other languages.

Google Releases Android Q Beta 2, Bubbles Feature a Highlight. Facebook had for years stored hundreds of millions of user passwords in plain text , according to a recent report. Brian Krebs has, through his website KrebsOnSecurity, made this rather startling revelation.

Early on, it was possible for your company administrator for G Suite apps to set user passwords manually — say, before a new employee came on board — and if they did, the admin console would store those passwords in plain text instead of hashing them. Google has since removed that capability from administrators.

Google’s post goes to great pains to explain how cryptographic hashing works, likely in an effort to make sure the nuances surrounding this breach are clear.

Though the passwords were stored in plain text, they were at least stored in plain text inside Google’s servers, so they’d be harder to get to than if they were just out on the open internet.

Google stored some passwords in plain text for fourteen years

Google stored some passwords in plain text for fourteen years Only affects some G Suite customers

SAN FRANCISCO (AP) — Facebook had stored millions of user passwords in plain text for years , the social media The company says the passwords were stored on internal company servers, no outsiders could access them. But the incident reveals a huge oversight for the company amid a slew…

Plain text means that the stored passwords are unencrypted, meaning they can be easily accessed and read by people who had access to Facebook’s “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data

Although Google didn’t say so explicitly, it seems like it wants to also make sure people don’t lump this bug in the same category as other plain text password problems where those passwords have leaked out.

Google has already made users reset their passwordsAnd oh, there have been so many of those, as Wired notes.

Twitter advised all 330 million of its users to change passwords back in March due to a breach.

Facebook stored “hundreds of millions” of passwords in plain text in a way where up to 20,000 of its employees could have accessed them. Instagram had to fess up that Facebook’s breach had actually affected millions of Instagram users (not the previously disclosed smaller number).

For its part, Google didn’t characterize just how many users might have been affected by this bug beyond saying it affected “a subset of our enterprise G Suite customers” — presumably anybody who was using G Suite in 2005.

And though Google couldn’t find evidence that anybody used this access maliciously, it’s not entirely clear who would have had access to these plain text files either.

In any case, it’s fixed now and Google is appropriately sorry in its post about the whole issue:

We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.

Google won't allow marijuana delivery apps in the Play Store.
Google updated its Play Store policy today to prohibit apps that early directly sell or help facilitate the sale of marijuana, even in states where the drug is legal. 

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!