It has been only two months since Google reported a bug discovery in one of the Google+ People APIs, which affected up to 500,000 Google+ accounts, initiating the shutdown of Google+. Yesterday, Google+ suffered another massive data leak that has impacted approximately 52.5 million users in connection with a Google+ API. This has led Google to expedite the process of shutting down Google+. The access to the Google+ API network will be cut off in the next 90 days and it will shut down completely in April, rather than August next year.
In a blog post on Google, David Thacker VP, Product Management, GSuite stated that this bug was added as a part of a software update introduced in November and immediately fixed. However, people are upset that the data leak was disclosed now.
The software bug allowed apps that requested permission to view profile information of a Google+ user (name, email address, occupation, age etc), were granted permission even when set to not-public. In addition, Thacker mentions, “apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.”
However, user financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft, was not given access to.
Google discovered the bug as part of its standard testing procedure and says there is “no evidence that the app developers that inadvertently had this access for six days were aware of it or misused.” Google says it’s begun notifying users and enterprise customers who were impacted by the bug.
Thacker also says maintaining users’ privacy is Google’s top concern. “We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs.”
People on Hacker news were highly critical of this data leak and expressed concerns on the kind of organization Google is turning out to be.
“I’ve been online since Google was a new up and coming company. There is a world of difference between the civic-mindedness of Google back then and Google now. Google has gone from something genuinely idealistic to something scary and totalitarian. If you aren’t of the same “tribe” as the typical Googler, then basically, you’re a subject.”
“So, how does Google, which we all trust with our precious data end up messing up like this several times in a row?
If this is the company with the best security team in the world does that mean we should simply abandon all hope”
“They could have done soo much more with Google+ … The hype was real up until launch. Really wish they had done things a little differently. Oh well… With all these leaks, I’m actually really glad they weren’t successful with this.”