Second Google+ API bug exposes private data of 52.5 million

Google says it has expedited the platform closure by 4 months as a result

A newly discovered flaw in Google+ has exposed data belonging to 52.5 million users, even if their account settings were set to private, leading the company to shutter the social media platform earlier than expected.

Google revealed that a bug in a Google+ API, discovered in November, allowed developers to access user data, regardless of their privacy settings, and extract information for use in applications.

Google first discovered the bug in November and patched it within a week, the company revealed in an advisory post on Monday. As a result, Google+ APIs will shut down within the next 90 days, preventing any further app development using the platform, and the closure of the service will be brought forward from August to April 2019.

"We've recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API," said David Thacker, VP product management for G Suite. "We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way."

Although there is no evidence that the API was exploited, the bug could have allowed attackers to view information such as name, email address, occupation and age, even if the account settings were not public. Despite this, Google insists that no financial data, national identification numbers or passwords were at risk during this time.

It's a case of déjà vu for Google, as a similar buggy API was found in October that allowed malicious apps to access the data of half a million users, again with no evidence that the data was actually accessed or exploited.

In the October announcement, Google first said it would be shutting down its social network for consumers, citing the August 2019 deadline. The decision sparked widespread outrage among customers as it emerged that the company knew about the buggy API as far back as March 2018, taking seven months to disclose its findings.

Google CEO Sundar Pichai will appear before Congress today to address various allegations made against the company, including political bias towards the Democrats, whether it will restart its search engine in China via project Dragonfly, and also the Google+ API bug from October.

Pichai's written testimony was made public on Monday, around the time of the API announcement. It indicated that he would defend the integrity of his company's products ahead of a congressional hearing where he was expected to face tough questions, including ones surrounding the October Google+ data breach.

"We work hard to ensure the integrity of our products, and we've put a number of checks and balances in place to ensure they continue to live up to our standards," Pichai's testimony read. "I lead this company without political bias and work to ensure that our products continue to operate that way. To do otherwise would go against our core principles and our business interests."

Google+ launched in 2011, seemingly in an attempt to rival Facebook, but quickly slipped into irrelevance. The attempt ultimately failed: Zuckerberg's venture, though the recipient of much criticism for the past few years, still retains market dominance.
