By completion of next August, Google+ will be a goner.
Stephen Shankland/ CNET.
A vulnerability in the Google+ social media network exposed the individual information of approximately 500,000 individuals utilizing the website in between 2015 and March 2018, the search giant acknowledged Monday.
Google stated it discovered no proof of information abuse. Still, as part of the action to the occurrence, Google prepares to close down the social media network completely.
The business didn’t reveal the vulnerability when it repaired the issue in March since it didn’t wish to welcome regulative examination from legislators, according to a report Monday by The Wall StreetJournal Google CEO Sundar Pichai was informed on the choice to not reveal the finding, after an internal committee had actually currently chosen the strategy, the Journal stated.
Google stated it discovered the bug as part of an internal evaluation called Project Strobe, an audit began previously this year that analyzes access to user information from Google accounts by third-party software application designers. The bug offered apps access to details on an individual’s Google+ profile that can be marked as personal. That consists of information like e-mail addresses, gender, age, images, relationship statuses, locations lived and professions. Up to 438 applications on Google+ had access to this API, though Google stated it has no proof any designers understood the vulnerability.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations,” Ben Smith, vice president of engineering, stated Monday in an article. “Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.”
< div class ="shortcode video v2" data-video-playlist="[{" id="" bug="" exposed="" data="" of="" up="" to="" google="" users="" details="" like="" email="" addresses="" and="" birthdates="" may="" have="" been="" exposed.="" news="" video="">
Watch this:
Google bug exposed data of up to 500,000 Google+ users
1:35
The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices. Facebook brought the issue to the forefront in March after its Cambridge Analytica scandal, in which a UK-based digital consultancy harvested data on 87 million Facebook users without their permission.
Google has already drawn controversy over its data collection practices. In July, the company was criticized after reports that employees for third-party email apps could read your email if you integrated those apps with your Gmail account. Google was hammered again a month later, when the Associated Press revealed the company was tracking users’ locations even after they’d turned off their phones’ location history setting.
Last month, Google Chief Privacy Officer Keith Enright — alongside representatives from other tech and telecom giants including Apple, Amazon and AT&T — testified before the Senate on privacy practices in Silicon Valley. Google CEO Sundar Pichai reportedly is expected to take the hot seat in another congressional hearing after the US midterm elections in November.
Google+ launched with much fanfare in 2011, positioned as the search giant’s answer to Facebook. But the social network never gained traction among consumers. Google eventually peeled away some of the services’ most popular features, including Hangout chats and its photo capabilities, and put them into standalone apps. On Monday, Google said 90 percent of Google+ sessions today last less than five seconds.
The search giant said it’ll shut down Google+ by the end of August 2019 to give people a chance to migrate their information and get used to the transition. (Here’s how to delete your account.)
After Google announced the social network’s shutdown, even people who helped launch the product said the time had come to end it.
“As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is… FINALLY,” tweeted David Byttow, a former Google engineer.
As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is… FINALLY.
— David Byttow (@davidbyttow) October 8, 2018
Specifically, the issue disclosed Monday came through one of the Google+ “People” APIs, a developer tool available to third-party app developers. Still, outside app makers weren’t supposed to have access to private profile information. The API was designed to only keep logs for two-week periods. Even in that short amount of time, Google’s audit found that nearly half a million Google+ accounts could have been affected in just 14 days’ worth of analysis.
The company said it often notifies users when there are security issues and flaws and user data is affected, but its privacy and data protection office said the bug didn’t meet the threshold. The office looks at what data was taken, if affected users need to be informed, if there was any evidence of data abuse, and whether users could effectively respond.
Ireland’s data protection regulation group said Tuesday that it will seek more information from Google about the security vulnerability, according to Reuters.
“The Data Protection Commission was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google,” the commission said.
Google doesn’t have a lead supervisory authority for the incident because it occurred before the European Union’s General Data Protection Regulation (GDPR) privacy law went into effect in May, Reuters noted.
First published Oct. 8, 10:12 a.m. PT.
Update, Oct. 9, 7:10 a.m. PT: Adds Irish data protection regulator’s statement and GDPR detail.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET’s in-depth features in one place.
