Google says some G Suite user passwords were stored in plaintext since 2005

Google says a small number of its enterprise customers mistakenly had their passwords stored on its systems in plaintext.

The search giant disclosed the exposure Tuesday but declined to say exactly how many enterprise customers were affected. “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” said Google vice president of engineering Suzanne Frey.

Passwords are typically scrambled using a hashing algorithm to prevent them from being read by humans. G Suite administrators are able to manually upload, set and recover new user passwords for company users, which helps in situations where new employees are on-boarded. But Google said it discovered in April that the way it implemented password setting and recovery for its enterprise offering in 2005 was faulty and improperly stored a copy of the password in plaintext.

Google has since removed the feature.

No consumer Gmail accounts were affected by the security lapse, said Frey.

“To be clear, these passwords remained in our secure encrypted infrastructure,” said Frey. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google has more than 5 million enterprise customers using G Suite.

Google said it also discovered a second security lapse earlier this month as it was troubleshooting new G Suite customer sign-ups. The company said since January it was improperly storing “a subset” of unhashed G Suite passwords on its internal systems for up to two weeks. Those systems, Google said, were only accessible to a limited number of authorized Google staff, the company said.

“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords,” said Frey.

Google said it’s notified G Suite administrators to warn of the password security lapse, and will reset account passwords for those who have yet to change.

A spokesperson confirmed Google has informed data protection regulators of the exposure.

Google becomes the latest company to have admitted storing sensitive data in plaintext in the past year. Facebook said in March that “hundreds of millions” of Facebook and Instagram passwords were stored in plaintext. Twitter and GitHub also admitted similar security lapses last year.

Read more:

10 immigration tips for love-struck tech workers

Even techies might agree that server rooms aren’t the most romantic places to fall in love — but it happens. And with foreign-born workers making up nearly three-quarters of Silicon Valley’s labor force alone, many tech-sector romances now come with a romcom-ready complication: What happens when one or both partners are immigrants?

The good news is there’s no reason to put your life on hold just because you’re on an employment-based visa. It’s perfectly possible to fall in love, get married, and — assuming you’ve picked Mr. or Mrs. Right — live happily ever after in America.

The bad news is the immigration system is growing more complicated, with longer delays and policies favoring perceived talent over family unification. If you’re planning to put a ring on it, move quickly because it’s only getting harder to secure a green card and citizenship for you and your partner.

Here are 10 less-than-romantic — but seriously important — immigration tips to consider when Cupid comes calling:

1. If you’re on OPT, get an upgrade

Many tech workers’ first U.S. job opportunity is the up-to-three-year professional training period, or Optional Practical Training (OPT), that comes with student visas.

DefinedCrowd offers mobile apps to empower its AI-annotating masses

DefinedCrowd, the Startup Battlefield alumnus that produces and refines data for AI-training purposes, has just debuted iOS and Android apps for its army of human annotators. It should help speed up a process that the company already touts as one of the fastest in the industry.

It’s no secret that AI relies almost totally on data that has been hand-annotated by humans, pointing out objects in photos, analyzing the meaning of sentences or expressions and so on. Doing this work has become a sort of cottage industry, with many annotators doing it part time or between other jobs.

There’s a limit, however, to what you can do if the interface you must use to do it is only available on certain platforms. Just as others occasionally answer an email or look over a presentation while riding the bus or getting lunch, it’s nice to be able to do work on mobile — essential, really, at this point.

To that end, DefinedCrowd has made its own app, which shares the Neevo branding of the company’s annotation community, that lets its annotators work whenever they want, tackling image or speech annotation tasks on the go. It’s available on iOS and Android starting today.

It’s a natural evolution of the market, CEO Daniela Braga told me. There’s a huge demand for this kind of annotation work, and it makes no sense to restrict the schedules or platforms of the people doing it. She suggested everyone in the annotation space would have apps soon, just as every productivity or messaging service does. And why not?

The company is growing quickly, going from a handful of employees to over a hundred, spread over its offices in Lisbon, Porto, Seattle and Tokyo. The market, likewise, is exploding as more and more companies find that AI is not just applicable to what they do, but is not out of their reach.

The Exit: Getaround’s $300M roadtrip

In August of last year, Getaround scored $300 million from Softbank. Eight months later they handed that same amount to Drivy, a Parisian peer-to-peer car rental service that was Getaround’s ticket to tapping into European markets.

Alven Capital’s Jeremy Uzan

Both companies shared similar visions for the future of car ownership, they were about the same size, both were flirting with expanding beyond their home market, but only one had the power of the Vision Fund behind it.

The Exit is a new series at TechCrunch. It’s an exit interview of sorts with a VC who was in the right place at the right time but made the right call on an investment that paid off. [Have feedback? Shoot me an email at lucas@techcrunch.com] 

Alven Capital partner Jeremy Uzan first invested in Drivy’s seed round in 2013. Uzan joined Index Ventures co-leading a $2 million round that valued the company at less than $10 million. The firms would later join forces again for the company’s $8.3 million Series A.

I chatted at length with Uzan about what lies ahead for the Drivy team, what Paris’s startup scene is still in desperate need of, and how Softbank’s power is becoming even more impossible to ignore.

The interview has been edited for length and clarity. 


Getting the checkbook

Lucas Matney: So before we dive into this acquisition, tell me a little bit about how you got to the point where you were writing these checks in the first place.

Jeremy Uzan: So, I studied computer science and business and then spent three years as a tech banker. I was actually in a very small investment banking boutique in Paris helping young startups to raise their Series A rounds. They were all French companies, my first deal was with the YouTube competitor DailyMotion.