The Google+ Social Network Shuts Down After A Vulnerability Was Found

Google+, the search engine’s social network service, was permanently shut down after it was revealed that it faced a “potential” data breach that exposed data of hundreds of thousands of users. On Oct. 8, Google published a blog post stating that a bug found in the Google+ social media network gave third-party developers access to users’ private Google+ profile information for more than three years.

Google conducted tests and determined that 496,951 users who had shared private profile data with a friend “could have” had their data accessed by an outside developer via an API. The data vulnerability was limited to profile fields including name, email address, occupation, gender and age. Google did state that “we found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”

Google released the following points regarding the data vulnerability.

  • Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.
  • The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
  • This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.
  • We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.
  • We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.
  • We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.
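The class of bug described in the points above, where an app inherits the consenting user's own view of a friend's profile instead of only the fields marked public, can be modeled as follows. This is an added example, not Google's code: the data model, function names and sample profile are hypothetical and constructed for illustration.

```python
# Hypothetical model of a profile API (constructed; not Google's implementation).
from dataclasses import dataclass

PUBLIC = "public"
RESTRICTED = "restricted"

@dataclass
class ProfileField:
    value: str
    visibility: str = PUBLIC
    shared_with: frozenset = frozenset()  # user ids allowed to see a restricted field

@dataclass
class Profile:
    owner: str
    fields: dict

def visible_to_user(f, viewer):
    """What a signed-in person may see in the product itself."""
    return f.visibility == PUBLIC or viewer in f.shared_with

def friend_fields_buggy(profile, consenting_user):
    # Defect: the app receives everything the consenting user can see,
    # including fields shared with that user but not marked public.
    return {k: f.value for k, f in profile.fields.items()
            if visible_to_user(f, consenting_user)}

def friend_fields_fixed(profile, consenting_user):
    # Intended contract: for a friend's profile, apps get public fields only.
    return {k: f.value for k, f in profile.fields.items()
            if f.visibility == PUBLIC}

def overexposed(profile, consenting_user, handler):
    """Regression check: names of non-public fields a handler hands to an app."""
    returned = handler(profile, consenting_user)
    return sorted(k for k in returned if profile.fields[k].visibility != PUBLIC)

# Constructed sample: bob shares his email with alice only; alice authorizes an app.
BOB = Profile("bob", {
    "name": ProfileField("Bob Example"),
    "email": ProfileField("bob@example.test", RESTRICTED, frozenset({"alice"})),
    "occupation": ProfileField("Engineer", RESTRICTED, frozenset({"carol"})),
})

if __name__ == "__main__":
    print("buggy leaks:", overexposed(BOB, "alice", friend_fields_buggy))
    print("fixed leaks:", overexposed(BOB, "alice", friend_fields_fixed))
```

A check like `overexposed` run against every API handler after each code change is the kind of test that catches an interaction between an API and a later change to the visibility logic.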

You can read Google’s entire post about the Google+ data vulnerability here.

Michael Delpierre