Google Plus to shut down after massive data leak

Coding error found to have exposed half a million accounts after Project Strobe API review

Google is shutting down Google Plus after it not only failed to gain traction with people happier with the likes of Facebook and Twitter, but also because it discovered a massive data leak affecting up to half a million users.

In a blog post, Google said that after a major security review, dubbed Project Strobe, the social networking service would close. The review found a sizable flaw in Google Plus APIs that meant malicious apps could extract data such as the name, email address, occupation, gender, and age from a person's profile.

Advertisement - Article continues below

"It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content," said Ben Smith, Google Fellow and vice president of engineering.

Smith said that "the Profiles of up to 500,000 Google+ accounts were potentially affected." However, Smith added that the API's log data is only kept for only two weeks and analysis showed that up to 438 applications may have used this API.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," Smith said. 

Advertisement
Advertisement - Article continues below

Google's Privacy & Data Protection Office reviewed this issue to look at the type of data involved to see if the firm could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response, according to Smith.  "None of these thresholds were met in this instance," he said.

Advertisement - Article continues below

Smith said that despite Google's engineering teams putting in a lot of effort, "it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds."

Google Plus will come to an end for consumers next August, but business users will still be able to use the service as an internal corporate social network.

The firm has also promised to institute new security rules, including limits around the types of use cases that are permitted to access consumer Gmail data.

"Only apps directly enhancing email functionality - such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)will be authorised to access this data," Smith added.

Google will also remove access to contact interaction data from the Android Contacts API within the next few months. In addition, Google Account permissions dialog boxes will be spilt to show each requested permission, one at a time, within its own dialog box.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/business-strategy/31780/the-it-pro-panel
Business strategy

The IT Pro Panel

24 Feb 2020
Visit/technology/30736/what-is-ethical-ai
Technology

What is ethical AI?

11 Feb 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/security/phishing/355120/hackers-pose-as-three-to-exploit-high-data-demand
phishing

Hackers target Three customers with "sophisticated" phishing scam

26 Mar 2020