Published: Tue, October 09, 2018
Electronics | By Shannon Stone

Google to shutdown Google+ after security glitch

Google to shutdown Google+ after security glitch

A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday.

This bug helped outside developers to gain access to users personal data.

The Google Plus flaw could have allowed 438 external apps to scoop up user names, email addresses, occupations, gender and age without authorization.

The issue was discovered and patched in March as part of a review of how Google shares data with other applications, Google said in a blog post.

Information that could be accessed did not include posts, messages or telephone numbers, a spokesperson said. The company is henceforth shutting down Google+ to consumers.

Specifically, the issue disclosed Monday came through one of the Google+ "People" APIs, a developer tool available to third-party app developers. Apps with broad access to Gmail user data that have not applied for a new review by that date will be removed after February 22, 2019. (There are some exceptions-e.g., voicemail and backup apps.) Developers can find more details in the Google Play Developer Policy Center and in the Help Center. Google claims that they didn't tell its users because they believed that without sufficient information on who was hacked, they found it wouldn't be useful to identify the public on the matter.

The WSJ quoted an internal Google memo that said doing so would draw "immediate regulatory interest".

A Google spokesperson cited "significant challenges in creating and maintaining a successful Google+ that meets consumers" expectations" along with "very low usage' as the reasons for the move. Today, after over 7 years of existence, Google is shutting down Google+ for good-although its low user base surprisingly wasn't the main factor behind this decision. Google confirmed that the bug provided third parties with access to user information.

While no evidence was found that indicates this bug was ever misused, it was determined that the complexity of protecting and operating a social network like Google+ was not a worthwhile endeavor when so few users actually used the service for any length of time. There is no suggestion that any credit card or bank information was exposed, but exposing private information about individuals can make them more vulnerable to fraud.

As for why Google didn't disclose the security lapse to the public, the company said it decided that the situation did not rise to that level.

Now, users will be given greater control over what account data they choose to share with each app.

Google+ will be shutting down over a period of about 10 months, and will vanish by next August. For instance, it is limiting the ability to receive call logs and SMS permissions on Android devices.

Like this: