{"id":139694,"date":"2019-05-22T21:02:18","date_gmt":"2019-05-22T21:02:18","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=139694"},"modified":"2025-07-01T21:54:30","modified_gmt":"2025-07-02T04:54:30","slug":"google-left-passwords-unprotected","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/google-left-passwords-unprotected\/","title":{"rendered":"Google left a number of user passwords unprotected for 14 years"},"content":{"rendered":"

\"Google<\/p>\n

Google announced in a blog post <\/a>that they had stored a number of users’ passwords in plain text for about 14 years. The good news is that Google found no signs of a breach or misuse.\u00a0<\/strong><\/p>\n

When Google stores passwords, they go through a process called “hashing.” Hashing scrambles a password so that if someone were to get the scrambled version, they would have no idea what your actual password might be. The passwords in question\u00a0were not hashed<\/strong> and were instead left in\u00a0plain text.\u00a0<\/strong><\/p>\n

Google did not clarify how many user passwords were unprotected.<\/p>\n

“We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry\u2019s best practices for account security,” wrote Suzanne Frey, vice president of engineering at Google. “Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.”<\/p>\n

\r\n
\r\n
\r\n
\r\n \"Google\r\n <\/div>\r\n
\r\n Google Chrome<\/span>\r\n Download Google Chrome \u25ba<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path>7<\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n

How did this happen?<\/h2>\n

Back in 2005<\/strong>, Google made an error when creating their new password system.\u00a0Google ended up fine-tuning their hashing system, and those passwords ended up making it to their hashing system. However, the error persisted.<\/p>\n

While troubleshooting G Suite customer sign-up flows, Google discovered that the error was still there.\u00a0<\/strong>A subset of some unhashed passwords remained in Google’s system for a maximum of two weeks at a time. Google has removed the error.<\/p>\n

\r\n
\r\n
\r\n
\r\n \"Google\r\n <\/div>\r\n
\r\n Google Docs<\/span>\r\n Download free \u25ba<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path>8<\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n

Should I be worried?<\/h2>\n

Short answer: not really.<\/p>\n

Google did not suffer a breach that led to your password getting stolen by a hacker. The company was careless in how it protected some of the passwords, but they have rectified the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"

Due to an error from 2005, your password might have been left exposed.<\/p>\n","protected":false},"author":9180,"featured_media":139697,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2340,1054,1068,2046,1663,1624,1027],"usertag":[839],"vertical":[],"content-category":[],"class_list":["post-139694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectiongoogle","tag-gmail","tag-google","tag-google-suite","tag-passwords","tag-privacy","tag-security","usertag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/139694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9180"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=139694"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/139694\/revisions"}],"predecessor-version":[{"id":325997,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/139694\/revisions\/325997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/139697"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=139694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=139694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=139694"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=139694"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=139694"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=139694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}