By Elton Gomes
Google will be shutting down its social network Google+ after announcing that data of up to 500,000 users might have been exposed to external developers by a bug that was present for more than two years in its systems.
In a blog post on Monday, Google said that it had discovered and patched the bug in March 2018. Google also said that it had no evidence of misuse of user data or that any developer was aware or had exploited the vulnerability.
The announcement was made by Ben Smith, Google Fellow and vice-president of engineering, wherein he noted that the American tech giant was unable to confirm which users were impacted by the bug.
“However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API,” Smith said, PTI reported. He added, “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused.”
Google detected the technical bug as part of its efforts under Project Strobe, which began in early 2018.
Google decided not to report the existence of the bug
According to a report by the Wall Street Journal, Google found the software bug in its API in March 2018, though it was known to be in existence since 2015.
Google decided against reporting the incident because it could “trigger immediate regulatory interest”, the WSJ report said. The report quoted an internal memo that was reviewed by Google’s legal and policy team, and a decision was taken to not report the problem. Google’s CEO Sundar Pichai was fully aware of this decision.
The report said that Google was concerned about reporting the incident as doing so could lead to comparisons with Facebook’s Cambridge Analytica scandal. Eventually, Google decided to release a blog post highlighting the issue. But it is likely that the move to not report the incident will invite heavy criticism, particularly since Google is unaware about which accounts were impacted.
What happens after the data leak
It has to be kept in mind that only the consumer version of Google+ will be shutting down. An enterprise version of Google Plus will continue to exist. The breach meant that data, which was supposed to be limited to friends and circles, could be accessed by some app developers. The software bug was found in one of the Google+ People APIs.
How many users were impacted
Google said that in the case of this particular API, log data was maintained for only two weeks. This means that Google cannot confirm how many user accounts were impacted by this bug. Estimates from the company claim that up to 500,000 Google+ accounts could be potentially affected.
Google insisted in its blog post that there is no “evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” as per the Indian Express.
How can users secure their Google+ account
Users can go to their Google account settings, and open their Google Plus profile and delete all information about their the G+ account.
Open the settings for Google+ and keep scrolling down. At the bottom, users will see an option to delete your Google+ Profile. Click on that, and Google will ask you to sign into your account once again on a separate page. Thereafter, you will then be able to see an option to delete the Google+ account.
Facebook’s recent security breach
Google’s data breach comes after Facebook recently suffered from the same fate. Towards the end of September, the social media company said that nearly 50 million user accounts were affected.
To deal with the issue, Facebook reset some logins, which was why 90 million people had been logged out and had to log in again.
Prior to this, Facebook was faced with severe allegations after data firm Cambridge Analytica harvested data from 87 million Facebook accounts. Since then, the US Senate has cracked the whip on several tech companies not adhering to privacy laws.
Google received heavy criticism for refusing to send a top executive to a Senate Intelligence Committee hearing, which was held on September 5. The hearing was about efforts to counteract foreign influence in U.S. elections and political discourse. The company’s decision against reporting the existence of a bug could create more problems.
“I think Google does have a public relationship issue and this now makes their lack of openness even worse,” Ivan Feinseth, an analyst at Tigress Financial Partners said, Reuters reported.
Elton Gomes is a staff writer at Qrius