Published: Wed, October 10, 2018
Tech | By Amelia Peters

Google Shuts Down Google

Google Shuts Down Google

Alphabet Inc's Google will shut down the consumer version of its failed social network Google+ and tighten its data sharing policies after announcing on Monday that private profile data of at least 500,000 users may have been exposed to hundreds of external developers.

According to a report from The Wall Street Journal, this bug existed from 2015 through March 2018, and Google confirms that it patched the bug in March 2018 after it discovered its existence.

According to The Wall Street Journal, who first reported the story, Google refused to immediately disclose the bug when it was fixed back in March due to fear of regulatory scrutiny from lawmakers.

The affected data was limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.

The internal memo obtained by the Journal says that while Google has no evidence that outside developers misused, it has no way to know for sure.

The Google+ vulnerability was discovered at a time that nearly coincided with the notorious privacy leakage scandal of the world's largest social media network Facebook, which has been widely criticized for its failure to protect its users' private data.

When those friends signed into apps using Google+, app developers ask for permission to get profile information and are granted. This was not a successful venture for Google, and the latest data showed that 90% of sessions on the app were lasting less than five seconds long.

More news: Judge asks Tesla, SEC to justify settlement of fraud lawsuit

Google+ minus people: In a blog post published after the article ran, Google said it had found no evidence data had been abused, and that it would shut off consumer access to Google+ (a corporate version will presumably continue to run).

"None of these thresholds were met in this instance", it said. But for the year, stock in Google's parent company is up 10%.

"Had this breach occurred just a few months later, Google could be subject to strict GDPR fines for not keeping user data safe".

Moffitt added that consumers should be aware that connecting apps in social media platforms "only increases the amount of valuable information that could potentially be breached, as well as increasing attack vectors that hackers can leverage".

Even if a third party did not exploit the security vulnerability identified by Google, the SEC probably would be interested in whether investors were properly notified about the risks and the incident, Stark said.

Google goes "beyond legal requirements" and applies "several criteria focused on our users" when deciding whether to provide notice, a spokesperson said in a statement. For one thing, soon, only Android apps which the user has assigned as their default for use will be allowed to request certain permissions like making calls and sending SMS.

Like this: