Google has announced the shutdown of its social media network Google+ following a significant data breach that compromised the private data of hundreds of thousands of users. The tech giant revealed that a security vulnerability within one of Google+’s People APIs allowed third-party developers to access sensitive information for over 500,000 users. This exposed data included usernames, email addresses, occupations, dates of birth, profile photos, and gender-related information.
One key issue highlighted by Google is that its servers do not retain API logs for longer than two weeks. As a result, the company is unable to confirm the precise number of users affected by this vulnerability. However, Google reassured its users that it found no evidence indicating that any developer was aware of this bug or that the profile data was misused by any of the 438 developers who could have accessed the data.
“However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API,” Google stated in a blog post published today. This incident raised serious questions about data privacy and security protocols within the company.
Notably, this vulnerability had been active since 2015 and was only discovered and fixed by Google in March 2018. At that time, the company opted not to disclose the breach to the public, coinciding with Facebook facing scrutiny over the Cambridge Analytica scandal, which involved the misuse of personal data.
As a result of this incident, Google decided to shut down Google+, acknowledging the challenges it faced in maintaining the platform. This decision marks a significant moment in the tech industry, reflecting growing concerns about user privacy and data protection. Users are now left to consider how their data is managed and the implications of such breaches in the future.