Google plan to shut down its social network effort, Google+ much sooner than planned after discovering a second bug that revealed millions of customers' private information via GOOGLE+ API.
Google admitted that 52.5 million Google+ users were affected by a bug in the November software update. The latest bug allowed app developers to access profile information not marked public. App developers inadvertently had access to this data for six days. Google is working on the system to curb any other issues.
In the light of all the missteps, Google will will shut down Google+ in April 2019
Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue.
Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:
We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. Our investigation is ongoing as to any potential impact to other Google+ APIs.
- We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
- With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
- In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
- The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
- No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
Google Security
No comments:
Post a Comment