Google has discovered a new bug in the Google+ API. According to the company announcement, personal information seems to have been affected by 52,5 million users after the revelation of the announced error. in October of 2018.
What had happened:
The company said in October that the bug was detected in the Google + People API. By default, Google+ users could access their profile data in third-party applications. As with Facebook and Twitter, Google+ users could allow third-party applications to receive information from the user's public profile.
However, in a post on the company's blog, Ben Smith, Google Fellow and Vice President of Engineering, stated that the bug allowed third-party applications to access user data that was classified as private and not just public data that was allowed to Applications "see".
Google said at the time that it could not determine exactly which users were affected by the error and reported around 500.000 accounts, so today the company said:
We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
"With the discovery of this new bug, we decided to expedite the closure of all Google+ APIs, which will happen within the next 90 days," said David Thacker, Vice President of G Suite Product Management.
Read the new announcement of the company.
"In addition, we have decided to accelerate the expiration of consumer Google+ from August 2019 to April 2019."
Google discovered the error in the Google+ People API during the standard testing process that started a week after the problem was discovered.
According to the company, there is no breach in its systems and no indication was found that a developer was aware of the error or the API was abused.
However, with this API, applications requesting permission to view profile information had access to the name, the address e-mail, occupation, and age of the user, even if he did not allow them to be viewed publicly.
Apps that had access to that particular data were able to see it too privacy shared privately by other Google+ users.
According to the company, none were leaked code access, financial data, identities or other similar sensitive data.
"We have begun the process of notifying consumers and corporate customers affected by this error. Our investigation is ongoing into other possible implications of the Google+ APIs. ”
______________________
- Acronis Ransomware Protection for free and with absolute security
- Google Leaked research entitled Good censorship
- Windows 10 KB4469342 fixes almost everything