Story image

52mil users affected by Google+’s second data breach

11 Dec 18

Google is bringing forward the planned shutdown of its social media platform, Google+, after 52 million users were impacted by another security breach.

A software update introduced in November contained a bug that was affecting a Google+ API.

In a statement on its site, G Suite product management VP David Thacker says the bug was discovered as part of its testing procedures and fixed within a week of its introduction.

“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

Thacker says Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.

He adds that Google has begun the process of notifying consumer users and enterprise customers that were impacted by the bug and there is an ongoing investigation of the potential impact on other Google+ APIs.

This is the second breach on Google's social media platform. 

Google was accused of failing to disclose the first breach, which happened in March, potentially affecting 500,000 Google+ accounts. 

Soon after news of the breach became public, Google announced plans to shut down Google+, saying it “has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.”

Google posted these details about the latest bug and the investigation on its site:

Testing revealed that a Google+ API was not operating as intended.

The bug was fixed and Google began an investigation into the issue.

Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:

  • We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
     
  • With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
     
  • In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
     
  • The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
     
  • No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
iPhone XS Max costs average Kiwi 11.6 work days – world comparison
A new study has compared how long it will take the average worker in 42 countries to purchase Apple's newest iPhone - NZ doesn't do too bad.
Chorus reckons Kiwis have an insatiable appetite for data
New Zealanders love the internet – and we love Fortnite even more.
Hands-on review: XANOVA Juturna-U gaming headset
Despite my first impressions on the quality of the headset, I was disappointed with both of the auxiliary cables provided, which felt cheap and would cut out, almost as if they were already frayed.
Audioengine’s Wireless A5+ are just bloody good speakers
I judge these speakers on the aspects that Audioengine boasts about - quality, streaming, simplicity and versatility
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
OPPO aims to have 5G device launched by end of year
The Chinese smartphone manufacturer is working with Keysight Technologies to accelerate the development of their 5G smartphone.
LG makes TVs smarter with new AI processors
Latest TVs from LG use deep learning to enhance the video and audio output and introduces integration with Alexa.