Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005.
In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash.
“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords. We will continue with our security audits to ensure this is an isolated incident,” announced the blog.
While the unprotected passwords were, according to Google, still protected within their “secure encrypted infrastructure,” the amount of time the issue went undetected is cause for concern for many security experts.
“[E]ven if it’s only internal it still creates a substantial privacy and security concern,” said TrustedSec CEO David Kennedy to Wired Magazine.
Google has begun contacting system administrators whose organizations would have been affected by the glitch to encourage them to change their passwords.