The date was the 28th of June 2011: Google+, the social media that no one really asked for, was born. Now, fast forward 7 years and the tech giant is shutting Google+’s doors after the company suffered a big data breach that exposed over 500,000 users’ private data to third-party developers, through a vulnerability that had been open since 2015.
According to Google, the Google Plus platform APIs allowed third-party developers to access the data of more than 500,000 users. Since the Google Plus servers don’t keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability; it could be a lot more.
What did these third-party developers have access to?
- Email Addresses
- Date of Birth
- Profile photos
- Gender-related information
To name a few…
However, to Google’s credit, the company has assured users that it found no evidence that any of the 438 developers who could have had access to this sensitive information misused it or were even aware of this bug, which has been open since 2015.
“At the beginning of this year, we started an effort called Project Strobe—a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.” Google stated in a blog post.
“However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.” They continued.
According to Google, at the time of the findings it did not want to come out with the breach, as Facebook was going through its own privacy scandal regarding Cambridge Analytica, and the tech giant believed that coming out with this vulnerability at the same time would lead to heavy regulation of the industry.
Amid speculation, Google has now confirmed that it will be shutting down the consumer version of Google+, acknowledging that the platform failed to gain broader adoption within the consumer market.
“The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” Google stated.
“To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.” Google continued.
Google Plus will still continue as a product for Enterprise users.
Google Introduces New Privacy Controls
“Finding 2: People want fine-grained controls over the data they share with apps.”
Google is currently doing a big overhaul as part of its “Project Strobe”, reviewing all third-party developer access to Google account and Android device data, and it has now introduced new privacy controls.
“When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission.” Google posted.
Currently, when a third-party app prompts users for access to their Google account data, clicking “Allow” approves all requested permissions at once, leaving an opportunity for malicious apps to trick users into granting powerful permissions.
[Image: the current permission prompt]
[Image: the new permission prompt]
Google will be updating its Account Permissions system so that it asks for each requested permission individually, letting users decide what they would like to share rather than approving everything at once, which gives users more control (which is great).
Google shares fell over 2% to 1144.99 after the data breach reports.