Google+ kills off its social network amid security flaws that exposed users’ private details


SAN FRANCISCO: Google will shut down the consumer version of its social network Google+ after announcing data from up to 500,000 users may have been exposed to external developers by a bug that was present for more than two years in its systems.

Apparently Google+ users weren’t the only ones not paying attention to the social network. According to a report, Google discovered a “software glitch” earlier this year that had allowed third-party developers access to the private profile data of some 500,000 users since 2015, including “full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.”

That’s a lot of exposed data. And to make matters worse, Google found out about it in the spring and decided not to tell anyone, reports the Wall Street Journal.

The company said in a blog post on Monday that it had discovered and patched the leak in March of this year and had no evidence of misuse of user data, or that any developer was aware of or had exploited the vulnerability.

Shares of its parent company Alphabet, however, were down 1.5% at $1150.75 in response to what was the latest in a run of privacy issues to hit the United States’ big tech companies.

The Wall Street Journal reported earlier that Google had opted not to disclose the issue with its Application Program Interfaces (API) partly due to fears of regulatory scrutiny, citing unnamed sources and internal documents.

The paper says the search giant said in a memo that it kept the breach private to avoid public and regulatory scrutiny. Google told the Journal that it considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response, (and) none of these thresholds were met here.”

Google said it had reviewed the issue, looking at the type of data involved, whether it could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take.

“None of these thresholds were met in this instance,” it said. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”

Under the European Union’s General Data Protection Regulation (GDPR), if personal data is breached, a company needs to inform a supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedom of users.

“It seems like the downside risk of having a story that says they intentionally hid information about a major breach from users is bigger than the upside of avoiding scrutiny,” said Geoffrey Parker, an engineering professor at Ivy League college Dartmouth.

“I wonder if there wasn’t more depth to the internal debate.”

In addition to shutting down the service, Google is also implementing several additional security features for its services, including:

  • More granular Google Account permissions;
  • Limiting the types of apps that are permitted to access Gmail;
  • Limiting apps’ ability to receive Call Log and SMS permissions on Android devices; and
  • No longer making contact interaction data available via the Android Contacts API.

Google said a software glitch in the social site gave outside developers potential access to private Google+ profile data between a major redesign in 2015 and March 2018, when internal investigators discovered and fixed the issue.

The affected data was limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.

The WSJ report said that a memo, prepared by Google’s legal and policy staff and shared with senior executives, warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

Allegations of the improper use of data for 87 million Facebook users by Cambridge Analytica, which was hired by President Trump’s 2016 U.S. election campaign, have hurt the shares of the world’s biggest social network and prompted multiple investigations in the United States and Europe.

Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, according to the WSJ.

Google came under criticism for refusing to send a top executive to a Senate Intelligence Committee hearing on Sept. 5 about efforts to counteract foreign influence in U.S. elections and political discourse.

“I think Google does have a public relationship issue and this now makes their lack of openness even worse,” Ivan Feinseth, an analyst at Tigress Financial Partners, said.

Facebook’s chief operating officer and Twitter’s chief executive testified at the hearing, where an empty chair was pointedly left for Google after the committee rejected Google’s top lawyer as a witness.

Why this matters: Wait, Google+ is still a thing? All jokes aside, Google+ still has millions of users, and any breach that affects private information is a major one. And it raises the question: If Google hid this breach from the public, how do we know there aren’t others? Google’s business model is based on trust, and hiding a potentially dangerous breach for six months is not the way to keep it.

About author

Rava Desk

Rava is an online news portal providing recent news, editorials, opinions and advice on day to day happenings in Pakistan.
