Google+ to shut down after security flaw exposes users' private details

Kelley Robertson
October 12, 2018

Google says it was able to discover and immediately patch this bug in March of this year.

The flaw meant some Google profile information that users had thought was private, such as a person's email address, occupation, gender or age, could have been viewed by third parties, the company said in a post on a corporate blog. "None of these thresholds were met in this instance", wrote Ben Smith, a Google vice president of engineering. Google said that it also found no evidence that any of the developers behind the 438 applications that used the API in question were aware of the bug. Google says it fixed the issue as soon as it was discovered, but the awful part of all this is that Google opted not to disclose the breach to users, instead sweeping the situation under the rug, hoping nobody would notice. This bug allowed apps to access Profile fields that were shared with the user but not marked as public. The company announced today that it's killing the consumer version of Google+ after it discovered some major privacy issues with the official Google+ APIs. "We chose to sunset the consumer version of Google+", the company said in the post.

Google does not yet have a lead EU Supervisory authority, as the breach apparently happened before the EU's new privacy law, the General Data Protection Regulation (GDPR), was implemented.

The WSJ quoted an internal Google memo that said disclosing the incident would draw "immediate regulatory interest".

Per the Wall Street Journal, Chief Executive Sundar Pichai was briefed on the plan to not disclose the data breach.

In light of the data breach, Google said consumers will "get more fine-grained control" over what data they choose to share, and that they will limit the number of apps that can gain access to consumers' Gmail data.

"Users have the right to be notified if their information could have been compromised", said Friedman CyZen managing director Jacob Lehmann, attributing Google's actions to the scrutiny that Facebook received after the Cambridge Analytica scandal. "But Plus flopped and quickly turned into a digital ghost town, prompting Google to start de-emphasizing it several years ago".

Google has admitted that adoption of its social network and subsequent user engagement have been low, with 90% of Google+ user sessions lasting for less than five seconds.

"In this situation, there was a pretty serious decision being made about how to handle a situation involving sensitive personal data and there was no transparency into that decision", he says.
