Technology

Google+ Bug Exposed Data of 500,000 Users

Google said it "found no evidence that any profile data was misused" but it will shut down the consumer version of Google+ by August 2019.
Matthew HellerOctober 9, 2018
Google+ Bug Exposed Data of 500,000 Users

A software glitch in the Google+ social network exposed the private data of hundreds of thousands of users until it was patched in March 2018, Google said Monday in belatedly disclosing the bug.

According to a post on a Google corporate blog, the bug meant app developers who were given permission by a Google+ user to access the user’s profile information could also have gained access to profile data that was shared with the user but not marked as public.

The profiles of up to 500,000 Google+ accounts were potentially affected, but Google said it “found no evidence that any developer was aware of this bug … and we found no evidence that any profile data was misused.”

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The search giant said it discovered and immediately patched the bug in March but chose not to disclose it at the time because it could not accurately identify which users to inform, whether there was any misuse or whether there were any actions a developer or user could take in response.

But The Wall Street Journal reported that Google’s legal and policy staff also prepared a memo warning that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

“The snafu threatens to give Google a black eye on privacy after public assurances that it was less susceptible to data gaffes like those that have befallen Facebook,” the Journal said.

Google makes user data available to app developers through more than 130 different public channels known as application programming interfaces, or APIs. “These tools … can be misused by unscrupulous actors posing as app developers to gain access to sensitive personal data,” the Journal noted.

In the case of Google+, the glitch affected an API through which users share their profile data, and the data of their friends, with Google+ apps, Google said in the blog post.

Google also announced in the post that it will shut down the consumer version of Google+ by August 2019, citing “the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations.”