Google Says Private Data of Up to 500,000 Users Exposed Due to Security Bug
MOSCOW (Sputnik) - US tech giant Google confirmed on Monday that a software bug in its Google+ social network had exposed private information of some 500,000 users, adding that there was "no evidence" of misuse by third parties.
"As part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs [application programming interfaces]: Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API. The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public … We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change," Google’s blog post read.
Data of up to 500,000 users have been likely exposed to 438 applications. The bug has exposed such data as name, email address, occupation, gender and age, but did not include phone numbers, messages and other private information, according to the company.
"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," Google underlined.
Earlier in the day, the Wall Street Journal newspaper reported about the the bug and said that Google decided to conceal the information about the security breaches in order to avoid reputational damages as well as comparisons to Facebook’s Cambridge Analytica scandal.
The tech giant decided to shut down the consumer version of the Google+ social network. It will give users a 10-month transition period to let them download and transfer their data, while the Google+ for enterprise customers will remain intact due to its high popularity as corporate social network.
- Source : Sputnik News