Story image

52mil users affected by Google+’s second data breach

11 Dec 18

Google is bringing forward the planned shutdown of its social media platform, Google+, after 52 million users were impacted by another security breach.

A software update introduced in November contained a bug that was affecting a Google+ API.

In a statement on its site, G Suite product management VP David Thacker says the bug was discovered as part of its testing procedures and fixed within a week of its introduction.

“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

Thacker says Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.

He adds that Google has begun the process of notifying consumer users and enterprise customers that were impacted by the bug and there is an ongoing investigation of the potential impact on other Google+ APIs.

This is the second breach on Google's social media platform. 

Google was accused of failing to disclose the first breach, which happened in March, potentially affecting 500,000 Google+ accounts. 

Soon after news of the breach became public, Google announced plans to shut down Google+, saying it “has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.”

Google posted these details about the latest bug and the investigation on its site:

Testing revealed that a Google+ API was not operating as intended.

The bug was fixed and Google began an investigation into the issue.

Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:

  • We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
     
  • With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
     
  • In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
     
  • The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
     
  • No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
Survey shows Aussie CEOs fear cyber attacks more than most
A recent Accenture survey of CEOs shows we worry more about the potential US$5 trillion in lost revenue due to attacks than our global counterparts.
LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.
Commvault fully integrates backup with Cisco Hyperflex
Its IntelliSnap technology has been validated to work with Cisco HyperFlex hyper-converged systems without the need for third-party tools.
Experts comment on record 772mil-user data breach
Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.
McAfee Gartner Customers’ Choice for Secure Web Gateway
“We take great pride in being recognised by our customers on Gartner Peer Insights, and their willingness to recommend McAfee Web Gateway technology”
Lenovo invests in ePaper company in bid to revive tablets
As the tablet market declines, Lenovo is making an investment in CLEARlink in order to create a low-power, colour, outdoor-ready display.
OutSystems three APAC Partners of the Year
Of the seven companies named in the OutSystems recent partner awards, three have a strong APAC presence.
Hands-on review: Nvidia GeForce RTX 2080 Ti FE
The lack of games taking advantage of the GeForce RTX 2080 Ti makes reviewing the card rather challenging