Google+ to be shut down after security gaffe


By Dylan Bushell-Embling
Wednesday, 10 October, 2018



Google will shut down its Google+ social media platform and introduce a slew of privacy reforms after being caught keeping under wraps a security vulnerability that exposed the private data of 500,000 of its users.

Google made the announcement that it plans to shut down Google+ minutes after the Wall Street Journal reported that the company had discovered and patched a bug in March that had allowed third-party developers to access Google+ user profile data since 2015.

But according to a memo seen by the publication, the company opted not to make the incident public because it didn’t want to be thrust into the spotlight along with Facebook during the Cambridge Analytica scandal.

The vulnerability in a Google+ API reportedly allowed third-party developers to access the full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status of Google+ users. Google says there is no evidence that the API was misused or that any private data was accessed.

According to a company blog post, Google decided not to disclose the vulnerability because the incident did not meet any of the thresholds the company uses to evaluate whether to disclose, which include whether there was any evidence of misuse and whether there is any action a developer or user can take to improve security or privacy.

But a review into Google+ confirmed that the social platform has not achieved broad platform or developer adoption, has low usage and engagement and is failing to meet consumers’ expectations. For these reasons, the company has decided to pull the plug.

The platform will be progressively shut down over the next 10 months to help existing users manage the transition.

Google will also introduce new privacy reforms, including more granular Google Account permissions that give users more fine-tuned control when an app asks for access to Google account data. Under the new system, each permission an app wants must be requested individually, with its own dialog box.

The company will also limit the types of use cases that app developers can cite to justify seeking access to a user’s Gmail account data, call log and SMS permissions, and contact information.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd