What’s worse than one data leak? Two data leaks. Because of this development, Google says it’ll be shuttering Google+ even earlier.
It’s unlikely this is how Google wanted Google+ to go out, but that is precisely what is happening. Back in October, Google announced that it would be shuttering Google+ in 2019. Shortly after the announcement, people were speculating on the reason why this sudden out of the blue move was made.
It didn’t take long for answers to emerge, though. Shortly after, it was revealed that the doomed social media network had suffered a data breach affecting 500,000 users. From a report at the time:
Google will shut down its Google Plus social-networking service after an internal audit conducted in March 2018 found that more than 400 third-party applications may have improperly gathered the personal information of nearly 500,000 users, Google said in a blog post today (Oct. 8).
The user data included full names, dates of birth, email addresses, cities or areas of residence, genders, marital status, occupational titles, places and dates of employment, profile photos and profile-page background photos. (A full list of the data types can be seen here.) The apps were not at fault — instead, a poorly configured application programming interface (API) let them read more user information than they should have seen.
“Our analysis showed that up to 438 applications may have used this API,” wrote Google vice president of engineering Ben Smith in the Google blog post. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused.”
Those developments back then caused many to effectively write off the network as doomed. In a new development, it looks like fate had decided to kick Google+ while it was down. There was an additional discovery of a potential data leak that affects 52.5 million users. From The Verge:
Google+ has suffered another data leak, and Google has decided to shut down the consumer version of the social network four months earlier than it originally planned. Google+ will now close to consumers in April, rather than August. Additionally, API access to the network will shut down within the next 90 days.
According to Google, the new vulnerability impacted 52.5 million users, who could have had profile information like their name, email address, occupation, and age exposed to developers, even if their account was set to private. Apps could also access profile data that had been shared with a specific user, but was not shared publicly.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” reads the blog post, penned by David Thacker, Google’s vice president of project management. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”
Google discovered the bug as part of its standard testing procedure and says there is “no evidence that the app developers that inadvertently had this access for six days were aware of it or misused.” Google says it’s begun notifying users and enterprise customers who were impacted by the bug.
The implications of with leak is not yet clear, however, one can say that Google+ operates within Europe and does have to abide by GDPR laws. The discovery was made recently and the GDPR laws took effect back in June. Whether or not anything will become of this on this front remains unclear.
In any event, it’s quite striking how Google opened up Google+ with so much considerable fanfare. All this effort to encourage users to join the network only to now see it go down in flames like this. Now, the network is increasingly becoming a liability to Google who now can’t seem to sunset this effort fast enough.
Drew Wilson on Twitter: @icecube85 and Google+.
