The tech giant, Google, can’t stay out of the headlines these days. The Google+ security breach has been publicly revealed, along with their plan on shutting this social media network down completely.
496,951 users were impacted by a security vulnerability in one of Google+’s People APIs, which allowed third-party developers access to user data. User information such as usernames, email addresses, occupation, date of birth, profile photos, places lived, and relationship status was exposed.
Fear of Comparison
It is rumored that Google neglected to disclose the breach to the public, fearing that it would damage their reputation. Google also did not want to be compared to Facebook’s recent data breach, exposing 50 million users’ data.
It is unknown the exact number of users affected by the vulnerability, as Google doesn’t keep API logs for more than two weeks. Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access.
“However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API,” Google stated.
The vulnerability was open since 2015, and as soon as it was discovered in March 2018 it was fixed. Google has not revealed the technical details of the vulnerability, but the nature of the flaw appears to be similar to Facebook’s API flaw.
Google+ Shutting Down
Google also announced, along with admitting the security breach, that Google+ will be shutting down. Their social media network didn’t gain momentum or traction with consumers.
“The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” Google said.
Google+ will officially shut down to consumers by the end of August 2019 but will remain available to Enterprise users.
New Privacy Controls
Google engineers analyzed third-party developer access to Google accounts and Android device data, as a part of Project Strobe. After their review, there will be new privacy controls put into place.
Third-party apps prompt users to grant access for a list of permissions to access, leaving an opportunity for malicious apps to trick users into giving away powerful permissions.
With Google’s new updated Account Permissions system, each permission is requested individually rather than all at once. This allows the user to review each request and give them the control over what type of account data they choose to share with each app.
Original Article Found Here.