Google disclosed in a blog post on Tuesday that it accidentally stored some passwords in plain text that could have been seen by employees, for the past 14 years.
Google says it traced a bug back to 2005 and says it only impacts business G Suite users, no free consumer Google products were affected. The company is now urging businesses to make sure their employees change their password.
It’s another reminder that we should all be more careful with the passwords we use.
I suggest everyone visit the website haveibeenpwned.com from time to time and see if your email address and passwords have been compromised in recent data breaches.
Enter your email address, and it searches a database of data breaches. If your email address was compromised, you’d see it here. Chances are, you will see yours here, especially if it’s from a free email service like Gmail or Yahoo.
My primary email address was found in the big Apollo data breach last summer, which left billions of data points, including over 126 million email addresses and phone numbers exposed in a public file.
If you find your email address has been included in a breach and it includes passwords, you should change it for that account. You can also sign up for updates and should your email address be discovered in a breach, you’ll be notified.
You should also check your passwords to see if they’ve been stolen or used. Haveibeenpwned will show how many times it’s been seen from data breaches.
I checked for the password “Password,” one of the worst passwords ever, it’s been seen over 3.5 million times. Another common password, “123456qwerty,” had been seen 53,000 times.
I also checked what might even seem like random letters, “qazwsxecrfv.” It may look like a jumble when it’s written out, but looking at the keyboard you can see it’s a simple top-to-bottom and left-to-right pecks on the left side of the keyboard. Plenty of people apparently use it as a password, it’s been seen 34,000 times according to haveIbeenpwned.
If a password you use shows up as being seen, change it. And don’t use it on more than one account. Accounts are hacked every day. Yours shouldn’t be one of them.