Somehow, this bug managed to go undetected for a staggering fourteen years. On discovering it, the company immediately corrected the issue, so there’s nothing for GSuite users to do at this point. Although, the company is recommending that all GSuite Enterprise customers immediately change their passwords just to be safe.
The company also notes that only GSuite Enterprise customers were impacted. If you’re just a regular Gmail user, your password was not exposed in the manner described above. Google’s official statement about the matter reads, in part, as follows: “To be clear, these passwords remained in our secure encrypted infrastructure. The issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
This is the second time in recent months that the company has found itself dealing with issues of exposed passwords in systems that were thought to be highly secure. Again, this is proof positive that even the largest companies with generally good reputations where security is concerned can misstep.
GSuite Admins have been notified and instructed to reset all user passwords that had been set using the old tool. If you’re one of the impacted users, odds are excellent that this has already been done. If you’re not sure, take the time to query your IT staff just to be sure that base is covered.