Google has disclosed that some G Suite users’ passwords were stored in plain text for as long as 14 years.
G Suite is the business version of Google suite of apps including Gmail and Google Docs, and the company said the storage issue was a result of a specific feature designed for business users.
“In our enterprise product, G Suite, we had previously provided domain administrators with tools to set and recover passwords because that was a common feature request,” said Google in a blog post.
This circumnavigated the usual multiple-stage encryption that is used to keep passwords secure.
However, Google said that it made an error when creating the tools for domain administrators which allowed the admin console to store copies of unhashed user passwords.
Google said it recently notified G Suite administrators to change any impacted passwords, and Google will reset any accounts that don’t do this themselves.
“We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security,” said Google.
“Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.”