Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Just die already.
            

Google admits Google Plus hit by *another* privacy flaw, says it will shut it down four months sooner

Here’s a quick recap.

Between 2015 and March 2018, there was a serious privacy hole in the Google Plus social network that meant users’ names, email addresses, dates of birth, genders, profile photographs, places lived, relationship statuses, and occupations were exposed to third-party app developers through an API bug.

In March 2018, Google chose not to go public that it had been failing to protect its users’ privacy for years, fearful that it would find itself in the media’s headlights when arch-rival Facebook was being quite rightly being flayed over Cambridge Analytica.

In fact it took until October 2018 for Google to finally admit that there had been a problem, and that approximately half a million Google Plus profiles had been potentially affected in just the two weeks prior to patching the bug, and 438 separate third-party applications having access to the unauthorised Google Plus data.

In light of the revelations, and presumably to take the steam out of the attacks it knew it was about to receive from the media and regulators, Google announced that it would be closing down Google Plus by the end of August 2019.

Google’s failure to protect user data, and its subsequent cover-up, would be bad enough… but now there’s more bad news.

Google has now admitted that Google Plus has suffered another security failure, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.

So, even if you had your profile information - such as your name, email addresss, occupation, etc etc - set as “not-public”, the information could be accessed by unauthorised parties.

According to Google, the flaw was introduced through a software update in November and was spotted less than a week later. The search giant says that it has seen no evidence that any app developers were aware of the flaw or misused it.

Google says it will now shut down Google Plus in April 2019, five months sooner than the previous announcement suggested:

With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.

Good riddance Google Plus.

            

Tags: , , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

One Response

  1. mark jacobs

    December 11, 2018 at 11:18 am #

    Soon, black hats will have a cornucopia of information that’ll allow them much easier identity theft. Possibly even now!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.