API Puts at Risk Privacy of over 52 Million Users

Share

The disclosure comes a day before Chief Executive Sundar Pichai is set to testify before the House Judiciary Committee of the U.S. Congress about Google's data collection practices. The bug revealed details such as name, email address and occupation, but did not give developers access to financial data.

Back in October, Google announced that it would shut down its Google+ social network, following the discovery of an API bug that could have led to user data being stolen.

"In addition, we have also made a decision to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019".

Google never could figure out a coherent story to tell that would spur greater usage of its flameout of a social network.

Google announced it has found a second vulnerability in Google+.

More news: Trump says chief of staff John Kelly leaving at year's end

The exposure lasted for six days in November and was caused by a bug in the Google+ People application programming interface (API), specifically built to allow access to profile data with the owner's consent.

Thacker also says user security is the company's top priority, more so than the inconvenience to developers: "We understand that our ability to build reliable products that protect your data drives user trust..."

The company was originally going to shut the service down in August of 2019, but in light of this latest API bug, Google has chose to expedite the shutdown process and wrap things up in April 2019.

This has resulted in the search giant opting to shutter the consumer-facing part of the service a few months early in April 2019.

Google said in a statement that the data was exposed for six days after being discovered during ongoing testing procedures but that there was no third party compromise of systems, and there was no evidence that the app developers were aware of the bug or misused it in any way. "We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs".

Share