
Google+ hit by second bug, exposes data of 52 million users


Google has announced that it will now shut down the consumer version of Google+ in April 2019 instead of the initial deadline of August 2019. The decision came in the wake of another massive data breach which compromised the data of 52.5 million users.
Data that was configured to stay private was exposed to developers of apps requesting permission to access user data; it included information such as the names, email addresses, gender and age of the customers.
The data exposure was reportedly triggered by an additional bug in the Google+ People application programming interface (API). Google identified the vulnerability and rectified it by 13th November, which means that the illicit data exposure lasted for a total of six days.
Though Google confirmed that no evidence was found of the data being misused or compromised by a third party, it is still bringing the shutdown of the service forward to April 2019. In addition, access to the Google+ APIs will be cut off in 90 days.
Google has no evidence "that the app developers that inadvertently had this access for six days were aware of it or misused it in any way," is how David Thacker, VP of Product Management for G Suite, puts it.
"Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue," Thacker wrote in a blog post. "We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. ... We want to give users ample opportunity to transition off of consumer Google+."
The vulnerability did not expose passwords or more sensitive user information pertaining to financial and social security matters, but some profile data exchanged privately between users, which was not supposed to be in the public domain, was put at risk.
"Issues like these, which have direct security implications, reflect the world we live in today with agile development. The whole goal is to get the code and features out to customers faster, but with that comes the risk of exposure and introducing something like this," says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec.

Google, for its part, is notifying users about the breach and is trying to put in place a mechanism that would block other apps from illegitimately drawing on user data for nefarious gains.