Story image

Google shutting down Google+ after covering up privacy bug

09 Oct 2018

Google has announced plans to shut down its social media platform Google+ after the Wall Street Journal reported it failed to disclose to a bug that potentially affected 500,000 accounts.

The Wall Street Journal obtained internal memos showing that Google’s management was aware of the bug, but chose not to share it with the public to avoid scrutiny by regulators.

Soon after the article was published, Google engineering fellow and vice president Ben Smith disclosed the bug and Google’s plans to shut down Google+ in a blog post.

The post says that a bug discovered in one of the Google+ People APIs allowed users to can grant access to their profile data, and the public profile information of their friends, to Google+ apps, via the API.

The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.  

This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.

It does not include any other data users may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.

Google discovered and immediately patched this bug in March 2018. It believes it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.

Google+ API’s log data is only for kept two weeks, so it cannot confirm which users were impacted by this bug.

Google ran an analysis over the two weeks prior to patching the bug which showed the Profiles of up to 500,000 Google+ accounts were potentially affected.

Up to 438 applications may have used the API.

Google says it found no evidence that any developer was aware of this bug, or abusing the API, and it found no evidence that any Profile data was misused.

Smith says in the post that Google+ “has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.”

“The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”

Smith also announced in the blog post that Google will be launching more granular Google Account permissions and tightening up security permissions accessible via its APIs. 

Webroot senior threat research analyst Tyler Moffitt says, “Although it seems that Google has shut down an entire line of business due to this breach, from a GDPR perspective, the company appears to have gotten off lightly.

“Had this breach occurred just a few months later, Google could be subject to strict GDPR fines for not keeping user data safe. 

“It's important for consumers to realise that connecting apps in social media platforms only increases the amount of valuable information that could potentially be breached, as well as increased attack vectors that hackers can leverage.

Dell EMC’s six server market trends
As the evolution of cloud-based computing continues, it is important to know what’s ahead to stay ahead of the market.
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.
HFW deploys digital edge strategy on Equinix
Equinix announced that global law firm HFW has collaborated with Equinix to build out its digital edge in key markets including Dubai, London, Hong Kong, Melbourne and Paris.
SEAX Singapore hosts new Epsilon PoP in Kuala Lumpur
The partnership will allow Epsilon customers and partners to onnect at the new PoP through Epsilon’s Infiny by Epsilon Software-Defined Networking (SDN) platform.
Teradata expands as-a-service offerings for Advantage platform
Data intelligence company Teradata has announced three new cloud and on-premise solutions that are now integrated into its Teradata Vantage platform.
AirTrunk raises $450m: Singapore hyperscale data center on the cards
Australian hyperscale data center specialist AirTrunk has raised SG$450 million in order to finance its expansion across Asia Pacific.
Cisco leads Australian network infrastructure market - IDC
Despite a drop in router and wireless LAN, ethernet switches are quickly gaining popularity, according to the latest statistics from IDC.
Hawaiki expands US point-of-presence to Seattle
The Hawaiki submarine cable that connects Australia, New Zealand, the Pacific Islands and Hawaii to the United States now has a new point of presence in Seattle.