Sun, 31 May 2020

Millions of users impacted by another Google+ bug

By Sheetal Sukhija, Minneapolis News.Net
12 Dec 2018, 05:13 GMT+10

CALIFORNIA, U.S. - Two months after announcing its decision to shut down Google+, the Alphabet-owned search engine giant has revealed that it found another vulnerability within the network that has impacted millions of users.

On Monday, Google revealed in a blog post that the company had discovered another bug that caused personal data of 52.5 million of its Google+ users to be exposed.

According to Google, the vulnerability exposed "name, email address, occupation, and age" of 52.5 million users to third-party developers.

It said that the flaw exposed the user details even if accounts had been set to private. 

Google said that the bug "discovered recently" was introduced to the network during a November software update. 

The company noted that since the bug allowed app developers to access profile information that was not marked public, App developers inadvertently gained access to this data over six days.

The issue, it said, was detected during regular testing, and fixed within a week.

In a bid to reassure users, Google said that it had found no evidence that developers misused the information or were aware of it.

It added that no third parties compromised its systems either.

The revelation by Google comes merely a month after it disclosed a similar bug.

In October, the search engine giant said that it had "discovered and immediately patched" a bug in March 2018.

At the time, the company said that the bug potentially allowed developers to access profile data that wasn't public.

The company said that bug affected as many as 500,000 accounts and exposed details including usernames, email addresses, occupations and ages. 

Subsequently, Google announced that it was planning to shutter Google+ in August and said that API access for developers will be shut down within the next 90 days.

However, on Monday, after revealing the second embarrassing privacy issue in two months, Google said that it had decided to shut down Google+ much sooner than planned.

It said that Google+ would now close in April. 

David Thacker, head of product management for G Suite, which hosts Google's range of apps offered to business, wrote in the blog post, "With the discovery of this new bug, we have decided to expedite the shutdown of all Google+ APIs [application programming interfaces]; this will occur within the next 90 days. In addition, we have also decided to accelerate the sun-setting of consumer Google+ from August 2019 to April 2019."

He added, "While we recognize there are implications for developers, we want to ensure the protection of our users."

Google reiterated that its social network had low usage while acknowledging that "maintaining a successful product" involved significant challenges.

More Minneapolis News

Access More

Sign up for Minneapolis News

a daily newsletter full of things to discuss over drinks.and the great thing is that it's on the house!