Google+ data breach ‘kept quiet’ and now failed social network is shutting down

Google has announced it is shuttering the failed Google+ social network as a result of privacy concerns, while giving users much more control over how third parties access their account data.

Earlier on Monday, a Wall Street Journal report exposed the company for failing to disclose a serious data breach in March 2018, which exposed the personal data of hundreds of thousands of users. The ‘sweeping changes’ cited in the WSJ report include the permanent shutdown of G+ for consumers.

Internal documents seen by the Journal say a security vulnerability, which was spotted and immediately fixed, gave third-party developers access to the data posted between 2015 and 2018.

According to the report, Google opted against a public disclosure of the issue due to fear of recriminations from regulators, but the company is now admitting half a million users were left vulnerable by the bug.

The company wasn’t clear whether any misuse of the data took place, but the bug certainly exposed names, email addresses, dates of birth, places lived, gender, occupation and relationship status of those users.

In a blog post on Monday the company writes: “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”

So what’s happening elsewhere? Well, the company is giving users more granular controls over the data they share with individual apps. Moving forward, requested permissions will be displayed individually within their own dialog box. This means users will be able to more easily control whether they share information with the developer for one Google app and not the other.

Google is also limiting the ‘types of use cases’ that are permitted within the consumer Gmail API.

In a blog post, Google writes: “Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorised to access this data. Moreover, these apps will need to agree to new rules on handling Gmail data and will be subject to security assessments.”

Will you miss Google+? If a tree falls in the woods and no-one is around to hear it, does it really fall? Let us know @TrustedReviews on Twitter.
