Google Shutting Down Program Following Major Data Breach


Published October 9, 2018 at 9:09 pm


If you’re a regular Google user (and who isn’t?), you could be losing a service in the wake of a data breach.

Google recently announced that, in order to protect customer data, it’s shutting down Google+ for consumers.

“Many third-party apps, services and websites build on top of our various services to improve everyone’s phones, working life, and online experience. We strongly support this active ecosystem. But increasingly, its success depends on users knowing that their data is secure, and on developers having clear rules of the road,” said Ben Smith, Google fellow and vice president of engineering in a recent statement.

The move to close Google+ comes after the Wall Street Journal released a piece on how third-party app developers can scan Gmail users’ messages in order to better target advertisements.

“At the beginning of this year, we started an effort called Project Strobe—a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access,” the statement reads.

“This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.”

While the loss of Google+ might sound serious to less tech-savvy consumers, the company says the service actually has relatively little user engagement on the consumer side. Google says there are “significant challenges” in maintaining a successful Google+ product that satisfies users and that the service has seen “limited user interaction with apps.”

Google says the consumer version of Google+ currently has low usage and engagement. In fact, it says 90 per cent of Google+ user sessions are less than five seconds.

“Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs.”

In terms of the bug, Google says users can grant access to their profile data, and the public profile information of their friends, to Google+ apps, via the API.

The bug meant that apps also had access to profile fields that were shared with the user, but not marked as public.  

Google says this data is limited to static, optional Google+ profile fields including name, email address, occupation, gender and age.

It does not include any other data users may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.

“We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change,” Google says.

Google says that since API log data is only kept for two weeks, it cannot confirm which users were impacted by the bug.

That said, it estimates that the profiles of up to 500,000 Google+ users were potentially affected.

“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” Google says.

Google says it will wind down Google+ over a 10 month period.

Google+ will still be available for businesses.

To read more about the breach and Google+ shutdown, click here.

insauga's Editorial Standards and Policies advertising