Google exposed data for hundreds of thousands of users

[nir]

The company also didn’t tell users about the breach.

 

Google reportedly exposed private data from hundreds of thousands of Google+ users and then chose not to inform those affected by the breach. The Wall Street Journal reports that sources close to the matter claim the decision to keep the exposure under wraps was made among fears of regulatory scrutiny. Google is said to have discovered and fixed the issue in March of this year.

 

According to the Wall Street Journal's sources as well as documents reviewed by the publication, a software vulnerability gave outside developers access to private Google+ user data between 2015 and 2018. And in internal memo noted that while there wasn't any evidence of misuse, there wasn't a way to know that for sure. Exposed data included names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.

 

Though Google allows developers to collect Google+ profile information when granted access by users, a bug gave developers access to the profile data of friends of those users as well, regardless of whether those friends had chosen to share that information publicly. Google said in a blog post that nearly 500,000 users may have been impacted, but because the company keeps the log data from the API in question for only two weeks at at time, it can't fully confirm who was truly impacted and who was not. The company confirmed that information like Google+ posts, messages and G Suite content weren't included in the breach.

 

"Our Privacy and Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance," said Google. The Wall Street Journal reports that CEO Sundar Pichai was notified of the plan to not disclose the breach and a document obtained by the publication warned that if the exposure was indeed disclosed, it could result in "us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal."

 

In light of this issue, Google will be shutting down the consumer version of Google+ and will do so over the course of 10 months in order to allow users to transition out of the service. The company aims to complete that process by August of next year. Additionally, Google is giving users more control over the data they share with apps, will limit the apps that can receive permission to access Gmail data and will limit the ability of apps to retrieve call log and SMS access on Android.

 

Developing...

 

Source

[nir]

Google Plus shutting down after security glitch exposes up to 500,000 users' data

 

Google is closing its troubled Google Plus social network following the discovery of a software glitch this past spring that may have exposed user information of up to 500,000 customers between 20015 and 2018, the company said Monday. 

 

Ben Smith, Google's vice president of engineering, confirmed in a blog post the company had detected a "bug" in March that impacted the profiles of as many as 500,000 Google Plus users. Google said it immediately fixed the security flaw and had not uncovered evidence that the information was mishandled by any of hundreds of third-party developers that may have had access to the user data.

 

Despite the size of the security flaw, Google executives opted not to disclose the problem at the time because they feared trouble from regulators after the intense criticism encountered by Facebook over its privacy woes, according to the Wall Street Journal.

 

Google hoped to avoid comparisons to Facebook's leak of user information to Cambridge Analytica, the data firm accused of improperly using information on 87 million Facebook users on behalf of Donald Trump's 2016 presidential campaign, the Journal said. 

 

The Google Plus data potentially exposed includes names, email addresses, occupations, dates of birth, genders and profile photos. In addition, 438 third-party applications may have used the application programming interface, or API, that allowed possible access to the data, according to Google.

 

The company will wind down the Google Plus network during a 10-month period expected to be done by the end of next August, Smith wrote in his post. He also vowed additional security steps would result in the wake of the incident.

 

Since launching in 2011, Google Plus failed to garner a mass audience, and was broken into separate products in 2015. 

 

CBSNews.com sibling website CNET noted on Monday that after Google announced the social network's shutdown, even people who helped launch the product said the time had come to end it. "As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is... FINALLY," tweeted David Byttow, a former Google engineer.

 

As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is... FINALLY.

— David Byttow (@davidbyttow) October 8, 2018

News of the security woes at Google Plus -- and the company's failure to disclose them in a timely manner -- sent shares of Alphabet were down $9.35, or 0. 8 percent, to $1,148.00, on Monday.

 

Source

[Ha91]

500, 000 users or all of the users? 😛

I bet NSANE has a reach of over a million people