Story image

52mil users affected by Google+’s second data breach

11 Dec 18

Google is bringing forward the planned shutdown of its social media platform, Google+, after 52 million users were impacted by another security breach.

A software update introduced in November contained a bug that was affecting a Google+ API.

In a statement on its site, G Suite product management VP David Thacker says the bug was discovered as part of its testing procedures and fixed within a week of its introduction.

“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

Thacker says Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.

He adds that Google has begun the process of notifying consumer users and enterprise customers that were impacted by the bug and there is an ongoing investigation of the potential impact on other Google+ APIs.

This is the second breach on Google's social media platform. 

Google was accused of failing to disclose the first breach, which happened in March, potentially affecting 500,000 Google+ accounts. 

Soon after news of the breach became public, Google announced plans to shut down Google+, saying it “has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.”

Google posted these details about the latest bug and the investigation on its site:

Testing revealed that a Google+ API was not operating as intended.

The bug was fixed and Google began an investigation into the issue.

Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:

  • We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
     
  • With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
     
  • In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
     
  • The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
     
  • No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Office workers frustrated by poor information management systems
82% of workers believe poor information management is damaging their productivity in the workplace.
Jobs 'aplenty' for freelance writers, devs & ecommerce specialists?
Jobs tagged with the keyword ‘writing’ took the top spot as the fastest moving job in 2018.
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
Edtech firm Kami raises $1.5m
New Zealand edtech startup Kami has raised $1.5 million to help take the company to North America and beyond. 
How SMBs can use data to drive business outcomes
With the right technology, companies can capture consumer, sales, and expense data, and use it to evaluate and construct future plans.
Startup launches online marketplace for lending items in AU
Think TradeMe, eBay, Amazon, except instead of buying products, you’re renting spare items from everyday consumers.
Adobe revamps Experience Cloud for retailers
Adobe has revamped its Adobe Experience Cloud to offer customer experience management (CXM) capabilities that draw on AI and machine learning technology.