Google+ – Google’s try at beating Facebook with their own network which never really worked out. The social network had its Facebook moment in October though, when it leaked the info of around 500k accounts. That’s when Google decided to finally pull the plug and shut the network down. While not the only reason for its closure, it definitely contributed.
Now a new bug makes things even worse: The privacy of over 52 million users could be at risk.
52.5 million Google+ profiles accessible
Just as the last bug this one is once again found in the Google+ API. According to the announcement the investigation of the bug is still ongoing but there are at least a couple of things that Google can already tell us.
One of them is that apparently apps that requested access to user information got it all – even if the user had actually opted to keep it private. This included data like names, email address, occupation, and age (full list here). The good thing: The bug apparently didn’t give access to data like financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
No data was abused
The information was available for a whole 6 days before Google fixed it. Nonetheless it seems like there is no evidence that any developer was aware of the issue – which is kind of a prerequisite for it to be abused.
The issue had some other consequences though: Google decided to retire all Google+ APIs in the next 90 days. The internet giant also announced that it will accelerate the closure of Google+ itself and move the date from August 2019 to April 2019.