Tuesday, 19 February 2019
Latest news
Main » Google exposed personal data of nearly 500,000 and didn't disclose it

Google exposed personal data of nearly 500,000 and didn't disclose it

10 October 2018
Google exposed personal data of nearly 500,000 and didn't disclose it

The Google+ data breach was discovered in March of this year during an audit of the company's APIs, conducted by a privacy task force codenamed Project Strobe. Before patching it, Google ran an analysis and found that up to 500,000 Google+ accounts were affected.

Thankfully, according to Google, no developer was aware of the bug, was misusing the Google+ API, or had misused private data from users' profiles. According to the Journal, Google's legal team said in a memo that news of the breach would result in "immediate regulatory interest".

As part of the announcement, Google also promised to give users "more fine-grained control over what account data they choose to share with each app".

Launched in 2011, Google Plus was supposed to be a challenger to Facebook, which now has more than two billion users.

Google said it would continue to offer private Google+-powered networks for businesses now using the software.

Google also announced that, "we can not confirm which users were impacted by this bug". The error allowed the details of nearly 500,000 people to be accessed by the applications, even when they had demanded that they keep their data private.

The affected data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age, Google said.

Google's excuse is that it found no evidence of any of the data being misused, however, it also has no way of being sure of that. However, it's possible that data were abused and Google just doesn't know about it yet.

Google does not yet have a lead EU Supervisory authority, as the breach apparently happened before the EU's new privacy law, the General Data Protection Regulation (GDPR), was implemented. The company did not check up with any of the developers of the aforementioned 438 apps.

This bug helped outside developers to gain access to users personal data. This is likely why an internal committee reportedly made the decision to keep the vulnerability a secret and briefed Google CEO Sundar Pichai about their plan.

A Google spokesperson cited "significant challenges in creating and maintaining a successful Google+ that meets consumers" expectations" along with "very low usage' as the reasons for killing off the service. In addition, Google Account permissions dialog boxes will be split to show each requested permission, one at a time, within its own dialog box.