Yesterday, Google declared that the security of its social network platform Google+ had become compromised. Google said a bug in its software had exposed the private data of up to 500,000 users.
Google “opted not to disclose the issue”
According to a report in the Wall Street Journal, Google exposed the data of thousands of users of the Google+ network and then opted not to disclose the issue. The WSJ asserted that this was due to “fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Between March 2015 and March 2018, external developers could have accessed personal Google+ data. Despite discovering the breach, Google failed to notify the affected individuals.
How did it happen?
Google+ users can grant access to their profile data to Google+ apps via the API. The bug in the software enabled these apps to access to profile fields that were shared with the user, but not marked as public.
According to a blog post, this data was limited to static, optional Google+ profile fields. These included name, email address, occupation, gender, and age.
The blog post highlighted that this acquired data did not include any other data posted or connected to Google+ or any other service. For example, Google+ posts, messages, Google account data, phone numbers or G Suite content.
Vice-president of engineering, Ben Smith, said that Google “found no evidence that any developer was aware of this bug, or abusing the API.” He also added that there was “no evidence that any profile data was misused.”
More misuse of personal data
Yesterday, we reported that the UK high court had blocked an attempt to sue Google over claims that the tech giant unlawfully acquired personal data from over 4 million iPhone users. The campaign group Google You Owe Us initiated the legal action, led by former Which? director Richard Lloyd.
According to the campaign group, Google tracked the handsets of people for several months in 2011 and 2012. The collective claims that the tech giant used this personal data to divide people into groups and create targeted advertisements.
Interested in the data leak scandal? Take a look at our 2017 interview with Cambridge Analytica’s CEO