Tech giant Google on Monday, October 8, revealed a massive data breach. As per a report carried by the Wall Street Journal, private data of hundreds of thousands of users of the Google+ social network are compromised. Google exposed that the private data of hundreds of thousands of users of its Google+ social network are compromised. Responding to the incident, Alphabet Inc’s (GOOGL.O) reportedly said that it is planning to permanently shut down all consumer functionality. It further stated that Google is planning to announce a sweeping set of data privacy measures.
Google revealed that a software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018. However, later the internal investigators discovered and fixed the issue, the report said, citing documents and people briefed on the incident.
Google released an official statement on the same where it said, "Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice."
The Report further stated that the shares of Alphabet Inc came down by 2.2 per cent at $1142.43 following the incident.
As per media reports, a memo, prepared by Google’s legal and policy staff and shared with senior executives, warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica, the report said.
Moreover, Google Chief Executive Officer Sundar Pichai at that time was briefed on the plan not to notify users immediately, as per the decision taken by the internal committee. The WSJ further reported that Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision.
In an official statement released by Google, the company stated that they are shutting down Google+ for customers. It stated:
"Over the years we’ve received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 per cent of Google+ user sessions are less than five seconds.Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs."
Giving out details on the same, the company revealed,
- Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.
- The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
- This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.
- We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.
- We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.
- We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.