December 10, 2018, updated 11 Dec 2018 10:04am

Fresh Google+ Bug Revealed Data of 52 Million: Google Hastening Platform’s Closure

Company to "sunset" Google+ by April instead of August

By CBR Staff Writer

A fresh Google+ bug exposed the data of 52.5 million users last month, Google said today – and the company is now hastening to shut the little-loved social media platform earlier than initially planned.

The bug granted apps full access to profile information even when the user had set their permissions to private. It comes after the company in October disclosed that it had exposed the data of over 500,000 users.

The issue, announced today, also affected enterprise customers.

David Thacker, VP, Product Management, G Suite, said: “A list of impacted [business] users in those domains is being sent to system administrators”.

“In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly,” he noted.

In other words, it allowed apps to see Google+ users’ friends’ data too.

Google+ API Bug “Found, Fixed in a Week”

The bug resulted from a November software update and was discovered as “part of our standard and ongoing testing procedures”, Google said, without stating precisely when it was found or whether it had told European regulators.


See also: Google Restricts Gmail API Access, Kills Google+ After Data Exposed

The decision comes after the company in October revealed that a Google+ bug had exposed the personal profiles of up to 500,000 users, with the API at fault used by 438 applications. The company took six months to reveal that issue.

That bug, in the People API, exposed the name, date of birth, email address, relationship status, places lived, biography and more of up to half a million people. Google consequently opted to close the little-used social media platform.

New Google+ Bug: No Compromise

“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” Thacker wrote today.

He added: “With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days.”

The company is also bringing forward its planned closure of consumer Google+ by five months, from August 2019 to April 2019.

Thacker said: “While we recognize there are implications for developers, we want to ensure the protection of our users.”

A Note for Enterprise Users… 

“We want to reiterate that we will continue to invest in Google+ for enterprise. More details were announced in October”, Thacker said.

He was referring to tightened control over API access to Gmail user data, with Google in October updating its User Data Policy for the consumer Gmail API to limit the apps that can seek permission to access consumer Gmail data and saying it has “clarified that human review of email data must be strictly limited.”

“Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data. Moreover, these apps will need to agree to new rules on handling Gmail data and will be subject to security assessments,” Ben Smith, Google VP of Engineering wrote at the time.
