Google+ to Shut Down Following Bug That Exposed 500K Profiles

in #tegnology6 years ago

 Google said the decision makes sense given that very few people actively use Google+, but the Wall Street Journal says it comes after Google tried to keep a lid on a user data bug. 

 Google today announced that it will shut down the consumer version of Google+ following the discovery of a bug that it opted to keep secret.

In a blog post, the search giant framed the decision as one that makes sense given that very few people actively use Google+—"90 percent of Google+ user sessions are less than five seconds," writes Ben Smith, a Google Fellow and VP of Engineering—and it doesn't warrant the work required to keep tabs on developers.

But as the Wall Street Journal reports, the move comes after Google discovered a bug that left private user information open to developers in March, but declined to alert users for fear of regulatory scrutiny.

"A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger 'immediate regulatory interest' and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica," the Journal says.Google CEO Sundar Pichai reportedly knew about the plan to forgo notification.In the blog post, Smith says Google discovered the bug in March as part of Project Strobe—"a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps' data access."The bug, according to Google, meant that third-party apps had access to "profile fields that were shared with the user, but not marked as public," like name, email address, occupation, gender, and age. Google+ posts, messages, Google account data, phone numbers, or G Suite content were not accessible.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," Smith says.The bug, which Google patched in March, affected about 500,000 Google+ users. Was yours one of those accounts? Sorry, there's no way to tell."We made Google+ with privacy in mind and therefore keep this API's log data for only two weeks," according to Smith. "That means we cannot confirm which users were impacted by this bug."According to Smith, the vulnerability didn't rise to the level of requiring a notification. "Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice," he says.It remains to be seen if regulators agree. Uber kept a 2016 data breach secret, and that just resulted in a $148 million fine.

The Google+ shutdown, meanwhile, will occur over the next 10 months, so get your fill before August 2019. If you use the service for work, though, Google+ is not going anywhere. 

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.blog.google/technology/safety-security/project-strobe/