Google has announced the impending shutdown of its social media platform, Google+, following a significant data breach that compromised the personal information of hundreds of thousands of users. This breach involved unauthorized access to sensitive data, raising substantial concerns regarding the platform’s security measures.
A vulnerability within Google+’s People APIs has facilitated access to data from over 500,000 accounts, including usernames, email addresses, birthdates, occupation details, profile photographs, and gender information. Due to a policy that restricts API logs retention to two weeks, the company is unable to provide a precise tally of affected individuals.
Despite these revelations, Google stated that there is no indication that developers exploited the vulnerability or misused the retrieved profile data. “We conducted an extensive analysis of the two weeks leading to the patch implementation and determined that the profiles of up to 500,000 Google+ accounts could have been impacted,” the company noted in a recent blog post.
Google discovered this vulnerability, which had been present since 2015, in March 2018 but did not disclose it to the public at that time, coinciding with heightened scrutiny of Facebook amid the Cambridge Analytica scandal.
Although the specifics of the vulnerability remain undisclosed, its mechanics appear similar to a prior Facebook API flaw that permitted unauthorized access to user data on that platform.
In addition to acknowledging the data breach, Google has recognized the lackluster performance of Google+ in the consumer market, concluding that it has failed to garner substantial user engagement. “The consumer version of Google+ currently sees minimal usage, with 90% of user sessions lasting less than five seconds,” the company stated.
The decision to retire Google+ for general users by the end of August 2019 has been made, though the platform will remain as an option for enterprise clients.
As part of its response to this incident, Google is launching new privacy initiatives under “Project Strobe.” This initiative involves a comprehensive review of third-party developer access to user data and the implementation of enhanced privacy controls. Previously, when a third-party application requested access to Google account data, users could inadvertently grant extensive permissions by clicking “Allow” without comprehensively reviewing what was being shared. Now, Google prompts users to approve each permission individually, increasing user awareness and control over their data.
Moreover, Google has restricted access to its Gmail API, allowing it only for applications that enhance email-related functionalities, such as email clients and productivity tools, thereby minimizing exposure to sensitive user data.
In the wake of these incidents, Google’s share prices experienced a decline of over 2 percent, reflecting investor concern regarding the implications of the data breach.
