Google announced today that it is shutting down the social network Google+ after the company's engineers found an API bug that may have exposed private data from certain profiles.
According to the company more than 500.000 are affected users of Google+.
The company said the bug was found in the Google+ API People. By default, Google+ users could give third-party apps access to their profile data. As with Facebook and Twitter, Google+ users could allow third-party apps to obtain information from the public profile of the user's friends.
However, in a blog post, Ben Smith, Google Fellow and Vice President of Engineering, said the error allowed third-party applications to access user data that was considered private and not just public data that they were allowed to "see" Applications.
In accordance with documentation of the Google+ Profile API, the profile fields store treasures of sensitive user information such as name, email address, profession, gender, age, alias, birthday, and more.
Google said it discovered the API error in March of 2018.
"We believe this happened after a code change in Google+," Smith said. The company said there was "no indication that a developer was aware of the error or that the API was being abused." He also said that no evidence was found to show that profile data was used.
Google said it could not determine exactly which users were affected by this bug because the API was designed to keep log files for only two weeks. So the company could not have access to older data.
"However, we did a detailed analysis for the two weeks before fixing the error, and from that analysis, we found that up to 500.000 Google+ accounts were affected," Smith said. "Our analysis showed that up to 438 applications may have used this API."
An article by the Wall Street Journal that published at the same time as the blog post on Google claims that the API error is much worse and that user data may have been leaked by 2015. According to the WSJ, the error was only discovered when Googgle technicians began examining Googgle web pages for privacy leaks while preparing the company for the EU GDPR. According to the same report, Google covered the incident rather than publish it, fearing "direct consequences from regulators."
As for Google+, the company won't mourn it for long, the service never caught the interest of users.
Smith said Google + will be terminated in the next ten months, during which service users will be able to download their data. The service will be permanently closed in August of 2019.
_____________________
- Google Lens and iOS devices: how it works
- Samsung SSD at 30.72 TB: released for business
- Julian Assange - Lennin Moreno: Clouds in relationship and limitations
- Tesco Bank has managed to get £ 2.62 million
