Google exposed personal data of nearly 500,000 and didn't disclose it

Alfred Osborne
October 11, 2018

Google is shutting down its Google+ social network for consumers after discovering-and, for seven months, not disclosing-a bug that could have exposed private data for up to 500,000 users since 2015.

The post says that a bug discovered in one of the Google+ People APIs allowed users to can grant access to their profile data, and the public profile information of their friends, to Google+ apps, via the API. "None of these thresholds were met in this instance".

The company is also stressing its commitment to security - now offering "more fine-grained control" of what account data Google users share with third-party apps.

Google found and patched the hole this March and an engineering team had briefed CEO Sundar Pichai on the issue along with its prposed intention to not disclose the vulnerability for fear of government investigation and loss of public trust. Google ran an internal test and found that as many as 496,951 users may have had their data compromised, according to the Wall Street Journal.

"The consumer version of Google+ now has low usage and engagement: 90 percent of Google user sessions are less than five seconds", the company said.

Imf Warns Of 'somewhat' Greater Global Financial Risk
It also assumes that Trump imposes a 25 percent tariff on imported cars and auto parts. That initiative includes China, India and Japan, but not the United States.

Lancet report: Mental health disorders on the rise in India
According to a survey conducted by the World Health Organisation (WHO) in 2015, over five crore Indians suffer from depression .

Burgoon leads CIMB Classic after Round 1
Winning the Order of Merit is something I want to achieve by December and playing well here goes a long way to achieve that. TPC KL is one of those golf courses where I feel comfortable standing on the tee boxes and seeing what's in front of me.

Gmail add-ons available to consumers starting next year will be barred from selling user data and be subject to a third-party security assessment that will cost them about $15,000 to $75,000, Google said.

Those who are very panicked may find solace in the fact that Google did state that the firm only keeps API log data for two weeks. Google is finally killing its awful social network Google+. However, Google claims to have no evidence that suggests that any external developer or app had access to the data. In the aftermath of what appears to have been a major security flaw within Google+, the company ended up not disclosing the breach of information to its users.

Google is also likely to roll out several other gadgets, including a new version of its "smart" Home speaker, a rumoured tablet with a detachable keyboard and an update to its Chromecast streaming device, based on media leaks. Google declined to comment beyond its blog post.

David C. Vladeck, former director of the FTC's Bureau of Consumer Protection and now a Georgetown Law professor, said the new Google+ incident is "obviously a problem for Google".

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER