After the Capital One breach, should big companies fear the public cloud?
infosec

After the Capital One breach, should big companies fear the public cloud?

You will find it harder to find a company more committed to using the so-called public cloud than Capital One. OR...
Read More
infosec

Malware targets taxpayers and taxpayers through phishing emails!

The Internal Revenue Service (IRS) issued a warning to taxpayers and taxpayers about an active fraud campaign ...
Read More
infosec

Hackers clone VPN sites to distribute Trojan banking

Hackers who previously attacked the site of the free multimedia editor VSDC to distribute Win32.Bolik.2 banking ...
Read More
infosec

230,000 users became malware target in the second quarter of 2019

More than 230.000 users targeted malware infection efforts in the second quarter of 2019, according to ...
Read More
infosec

NPP Australia: Notifying Customers of a New PayID Leak

PayID's search function on Australia's new payment platform (NPP) has encountered problems once again. This...
Read More
Latest Posts

G Suite user codes were stored in plaintext

Suite

Η Google admitted on Tuesday that the paid applications G Suite for businesses, store certain user passwords in plaintext.

The company informed via email the account managers affected by the security error, that in some cases the passwords had not been hashed. Hashing is a security practice that protects credentials by using an encryption algorithm.

Google is trying to persuade users that the bug was only about the business version of G Suite and did not affect other consumers, and also stated that there were no signs of password abuse and that the passwords were encrypted.

There are essentially two security issues in the case. The first is about a G Suite feature available from 2005, which allowed administrators to set G Suite users' passwords through the Google Account's admin console. However, although it is designed to help new employees in a business to set their passwords and connect, they do not apply practice hashing to these codes.

The second problem is to record some user passwords on platforms and to maintain these credentials for about 14 days each time again without hashing. This practice began in January of this year, during attempts by Google employees to face problems of the connection system and has stopped.

Representative of the company said that both of these problems have been resolved.

The hashing process is applied so that if someone illegally invades a sever, they can not get the people sign-in credentials: passwords are encrypted in such a way that malicious agents can not understand who the prototypes are and they can not use to connect to other services or platforms.

In this case the codes were not hadhed, so they were vulnerable if a competent hacker or even an employee of the company was trying to intercept them.

From today, Google will start changing passwords for affected accounts that have not changed.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Absent Mia

About Absent Mia

Being your self, in a world that constantly tries to change you, is your greatest achievement

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *