After 50 million Facebook profiles hacked a few weeks ago, the tech giant Google got hit by a software glitch within Google+ which allows access to third-party developers to access hundreds of users private data.
Google Plus Security Flaw:
The API allowed developers to gain access to the public data of the users who signed up to use the app that used that API. The bug in the API allowed the developers to not just access the private, non-public data of the users who signed up as well as people they are connected to.
Here’s how Bloomberg discussed this security flaw:
What this bug does it that it catches the user’s as well as the ones connected to their account’s non-public profile info every time the user installs Google+ app to their device. From residential address to things as personal as one’s relationship, every kind of information is pulled. By far, Google says that the info has not been misused. This has put around 496,951 user’s information at risk.
496,951 Google+ users may have been affected by this bug.
After an investigation from Project Strobe, Google confirmed that they found the security flaw. To make sure something like this doesn’t happen again, and to protect user’s privacy they limit the number of data developers’ access to the web and Android.
To stop this kind of bug in future, Google is stopping most third-party developers from accessing Android phone SMS data, call logs and some contact info.
Google+ will stop all its consumer services while turning down over the next 10 months with an opportunity for users to export their data while Google refocuses on making G+ an enterprise product.
TechCrunch says that this security flaw existed since 2015 until Google discovered and patched it in March.
When Google found out about it, they decided not to inform the world and quietly fixed it to avoid legalities, brand compromise and an investigation by authorities.
Stay tuned for more updates!