OK GOOGLE, you go and sit by Facebook on the 'we've been storing passwords in plaintext' naughty step and think about what you've been doing since 2005.
In all fairness to Google, it did fess up to storing the passwords of some businesses' G Suite accounts without the appropriate hashed encryption for some 14 years.
Google warned that a glitch in how it implemented password recovery saw some G Suite user passwords kept in plaintext within its infrastructure.
While that implementation method has since been abandoned, Google also said that its investigation into the password problem revealed that some G Suite passwords were also temporarily stored in plaintext since January. They were only stored for 14 days and Google stressed its internal infrastructure is secure and encrypted so the password palava isn't a big deal
And Google reckons the whole situation isn't one to twist the knickers of G Suite users given all the plaintext passwords were kept on its infrastructure rather than an unsecured database.
"We have seen no evidence of improper access to or misuse of the affected passwords," said Suzanne Frey, vice president of engineering at Google's cloud trust division.
But to be on the safe side, Google is asking G Suite administrators to change their passwords and it will also be automatically resetting passwords.
Frey also too the rather humble route and said sorry for the security slip-up: "Here we did not live up to our own standards, nor those of our customers. We apologise to our users and will do better."
Exposing plaintext passwords is rather common, unfortunately, as seen with a WiFi hotspot that exposed two million passwords in unencrypted form, and a GitHub bug that exposed user passwords in plaintext.
Moral of the story: is big tech firms check your password storage practices. µ
Put a Ring-Con on it
We know. We're as surprised as you are
It's available across all major UK networks