- QAnon is attacking a random woman in a disturbing and dangerous way 5 Months Ago
- Google celebrates Bach with AI-powered, music-making doodle 5 Months Ago
- RIP: The best free trial in all of streaming entertainment Today 2:19 PM
- Which ‘Florida Man’ are you? Today 1:06 PM
- Hundreds of millions of Facebook passwords were accessible to employees Today 12:55 PM
- ‘Bitch I’m Bella Thorne’ morphs into TikTok dyslexia meme Today 12:17 PM
- Marvel is auctioning props and costumes from Netflix’s ‘Defenders’ franchise Today 12:12 PM
- Net neutrality advocates plan online watch party for the ‘Save the Internet’ Act Today 12:01 PM
- Tim Cook turns his iPad meme into an AirPod meme Today 11:46 AM
- Auschwitz Memorial asks visitors to stop taking playful photos at Holocaust site Today 11:33 AM
- The best Korean beauty products for $15 or less Today 10:50 AM
- PewDiePie’s reign as the No. 1 YouTuber seems to be over Today 10:43 AM
- Amazon’s ‘Hanna’ miniseries offers a more conventional take on the teen spy thriller Today 10:42 AM
- Conservative writer tweets about bombing a university after women are hired Today 10:16 AM
- YouTube star Ice Poseidon reportedly raided by FBI Today 10:11 AM
Google discovered the breach back in March but chose not to disclose it.
Facebook isn’t the only technological giant to have breached users’ trust and privacy. Google just announced that it’s shuttering its social network Google+ after leaving user data vulnerable to abuse by outside developers.
Months after Facebook announced that user data had been accessed inappropriately via political data firm Cambridge Analytica, Google confirmed that hundreds of thousands of Google+ users’ data was exposed in a software glitch. Perhaps even worse than the security issue itself is how Google handled the incident. After discovering the issue earlier this spring, the Wall Street Journal reports, Google decided not to disclose the issue “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Much like Facebook’s Cambridge Analytica scandal, the Google+ incident involved third-party developers potentially having access to users’ profile data. This lasted from 2015 to March 2018, when the issue was discovered and fixed. An internal memo shared with senior executives and viewed by the Wall Street Journal said that if the company disclosed the vulnerability, it could spark “immediate regulatory interest.” In order to prevent snowballing with Facebook’s security woes, Google stayed silent on the issue until now.
Alphabet, Google’s parent company, has now completely shut down all consumer-side functionality of the social network. Thus far, there seem to be no signs of abuse, on top of the fact that Google+ has been a ghost town for years. As some Twitter users have rightfully pointed out, Google tried to downplay this fact in the past but now admits that “90 percent of Google+ user sessions are less than five seconds.”
dark comedy: google plus PR spent five years trying to dissuade writing about the network's absymal usage numbers
now that it leaked everyone's data, google can't get enough of telling people how no one used it https://t.co/iGocHG7vpA
— rat king (@MikeIsaac) October 8, 2018
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesperson told the Wall Street Journal. The company considered “whether [it] could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response.”
The company concluded that none of these thresholds were met, so it chose not to disclose the vulnerability.
Google detailed in a post Monday that it formed a 100-person-strong task force earlier this year called Project Strobe to review third-party access to Google application programming interfaces and services. The unit discovered the Google+ bug, which could affect as many as 500,000 users, including G Suite customers such as schools and businesses. Unfortunately, due to limited activity logs, the investigators were unable to determine exactly who may have been affected and what kinds of data may have been exposed to third-party developers. More than 400 applications may have had access to this data.
Google could now face repercussions such as increased government regulation or class action lawsuits over its failure to disclose this issue in a more timely fashion. For more information on the incident, visit Google’s blog post here.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.