Google Aware Of Large-Scale Data Breach But Chose Not To Disclose It

Social Network Google Plus Bug Exposed Data Of Lakhs To Be Shut Down

Internet giant Google has said it is shutting down the consumer version of its own social networking site Google+ due to low usage and a bug discovered in March previous year that could leak the data of about half a million of its users.

Data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.

The bug: This had been around since 2015 and was found in code that lets third-party app developers access publicly available Google+ profile data about a user and their connections, so long as the user gives permission.

That breach left the personal information of about 500,000 users exposed, and was caused by a bug on a People API on Google+.

Information that could be accessed did not include posts, messages or telephone numbers, a spokesperson said.

According to a report in the Wall Street Journal, the company knew about the issue in March but did not disclose it.

The Wall Street Journal reported that Google executives opted against notifying users earlier because of concerns it would catch the attention of regulators and draw comparisons to a data privacy scandal at Facebook. The company has said it hasn't found any evidence that the exposed data was misused or inappropriately accessed by any third party.

These apps will also need to agree to new rules on handling Gmail data, and will be subject to new security assessments.

Google has recently been at the center of a number of privacy breaches.

The company said the bug was located in the Google+ People API.

Now, "Only apps directly enhancing email functionality ... will be authorized to access this data", Smith assured.

However, Google will continue to use Google+ for Enterprise purposes as an internal social network for companies rather than for consumers, saying that it is the most popular use of the social network.

As for Google+, the search giant won't miss it that much because the site never got off the ground with end users. "We made a decision to sunset the consumer version of Google+", the company said in the post.

Following this report being published, Google announced that it found the security hole in part thanks to something the company is calling Project Strobe.

"The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations", Ben Smith, vice president of engineering, wrote in a blog post.

Related:

Comments


Other news