Google Plus hit by another breach – Data of 52.5M users exposed

Google Plus hit by another breach - Data of 52.5 million users exposed

Google Plus has been hit by yet another bug forcing the company to shut down the social media site earlier than previously anticipated.

In October this year, Google revealed that a bug was present in the API for the consumer version of Google Plus (Google+) that allowed third-party developers to access data of not just over 500,000 users but also of their contacts and friends. As a result, the search engine giant planned to shut down Google+ by August 2019.

However, earlier today the company announced that during its routine testing its security team discovered the presence of another bug in Google+ API affecting approximately 52.5 million (both consumer users and enterprise customers).

This means that for the second time this year personal information on Google+ users has been exposed to third-party app developers even when set to not-public.

According to a blog post by David Thacker, VP Product Management, G Suite, the exposed data includes full name, email address, age, occupation, skill, date of birth, gender, photos, image URL and relationship status, etc. Yet the company maintains that there is no evidence if “the app developers inadvertently had this access for six days were aware of it or misused it in any way.”

The new development has also forced Google to shut down Google+ earlier than previously anticipated.

“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019,” wrote Thacker.

The good news is that the bug did not expose users’ passwords, national identification numbers or financial data to the app developers.

Google is investigating if any other Google+ APIs were impacted by the bug meanwhile Google is contacting enterprise customers and consumer users impacted by the breach.

“We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs,” concluded Thacker.

If you are a Google+ user, by April 2019, you will no longer be able to access the website or its mobile apps. 

Related Posts