Google announces new security flaw in Google Plus, closes social network early
Google announces new security flaw, closes social network early
Google Plus received its initial kiss of death in early October, when the company revealed that a security bug had exposed the information of 500,000 users.
By Jillian D’Onfro Dec. 10, 2018 12:30 PM PST
Google is shutting down its beleaguered social network sooner than expected in the wake of a new security issue that affected 52.5 million users.
Google Plus received its initial kiss of death in early October, when the company revealed that a security bug had exposed the account information of 500,000 users, including their names, email addresses and occupations. At the time, Google planned to shut down the social network by August 2019.
But in a blog post Monday Google wrote that it discovered a second bug that allowed the profile information of 52.5 million users to be viewable by developers, even if it was set to private, using one of Google’s application programming interfaces, or APIs, for six days in November. Once again, the available data included information like users’ names, email addresses, occupations and ages.
Google said that the bug did not give third-party apps access to users’ financial data or passwords and that it didn’t find any evidence that the private profile information was accessed or misused. However, it now plans to shut down Google Plus by April 2019, and access to its APIs in the next 90 days.
Google’s initial security bug raised hackles in Washington and with the general public because The Wall Street Journal reported at the time that Google didn’t disclose it for months because it feared regulatory scrutiny and reputational damage.
Monday’s disclosure comes a day before Google CEO Sundar Pichai is set to testify before Congress about transparency and accountability.
“We understand that our ability to build reliable products that protect your data drives user trust,” Google’s blog post said.
“We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs.”