- How a queer Instagram is helping fight the opioid epidemic in Appalachia Today 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
- The crushing effects of Trump’s abortion ‘gag rule’ on healthcare Saturday 8:00 AM
- How to live stream Pacquiao vs. Thurman Saturday 6:20 AM
- Review: Hulu with Live TV ensures you always have something to watch Saturday 6:00 AM
- How to live stream UFC on ESPN 4: Rafael dos Anjos vs. Leon Edwards Saturday 5:49 AM
- 2020 Democrats refuse to answer our questions about ‘Cats’ Friday 4:14 PM
- Belle Delphine’s Instagram account removed after mass reporting campaign Friday 4:08 PM
- Mariah Carey refuses old-age FaceApp challenge Friday 3:19 PM
Google discovered the breach back in March but chose not to disclose it.
Facebook isn’t the only technological giant to have breached users’ trust and privacy. Google just announced that it’s shuttering its social network Google+ after leaving user data vulnerable to abuse by outside developers.
Months after Facebook announced that user data had been accessed inappropriately via political data firm Cambridge Analytica, Google confirmed that hundreds of thousands of Google+ users’ data was exposed in a software glitch. Perhaps even worse than the security issue itself is how Google handled the incident. After discovering the issue earlier this spring, the Wall Street Journal reports, Google decided not to disclose the issue “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Much like Facebook’s Cambridge Analytica scandal, the Google+ incident involved third-party developers potentially having access to users’ profile data. This lasted from 2015 to March 2018, when the issue was discovered and fixed. An internal memo shared with senior executives and viewed by the Wall Street Journal said that if the company disclosed the vulnerability, it could spark “immediate regulatory interest.” In order to prevent snowballing with Facebook’s security woes, Google stayed silent on the issue until now.
Alphabet, Google’s parent company, has now completely shut down all consumer-side functionality of the social network. Thus far, there seem to be no signs of abuse, on top of the fact that Google+ has been a ghost town for years. As some Twitter users have rightfully pointed out, Google tried to downplay this fact in the past but now admits that “90 percent of Google+ user sessions are less than five seconds.”
dark comedy: google plus PR spent five years trying to dissuade writing about the network's absymal usage numbers— rat king (@MikeIsaac) October 8, 2018
now that it leaked everyone's data, google can't get enough of telling people how no one used it https://t.co/iGocHG7vpA
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesperson told the Wall Street Journal. The company considered “whether [it] could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response.”
The company concluded that none of these thresholds were met, so it chose not to disclose the vulnerability.
Google detailed in a post Monday that it formed a 100-person-strong task force earlier this year called Project Strobe to review third-party access to Google application programming interfaces and services. The unit discovered the Google+ bug, which could affect as many as 500,000 users, including G Suite customers such as schools and businesses. Unfortunately, due to limited activity logs, the investigators were unable to determine exactly who may have been affected and what kinds of data may have been exposed to third-party developers. More than 400 applications may have had access to this data.
Google could now face repercussions such as increased government regulation or class action lawsuits over its failure to disclose this issue in a more timely fashion. For more information on the incident, visit Google’s blog post here.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.