- What’s the deal with Bran Stark at the end of ‘Game of Thrones’? 8 Months Ago
- How to watch TruTV online for free 8 Months Ago
- Fans call out Madonna for edited Eurovision video Tuesday 9:36 PM
- Partnered Twitch streamer temporarily banned for airing troll’s racist message Tuesday 8:45 PM
- Reddit theory says fans are wrong about who won ‘Game of Thrones’ Tuesday 6:52 PM
- Elon Musk hires ‘absolute unit’ sheep meme creator to be Tesla’s social media manager Tuesday 6:12 PM
- Jason Momoa stands by his Khaleesi after the ‘Game of Thrones’ finale Tuesday 4:05 PM
- Airbnb, 23andMe partner for creepy heritage travel recommendations Tuesday 3:26 PM
- Rep. Katie Porter goes viral again for trouncing Ben Carson (updated) Tuesday 3:26 PM
- This deepfake takes Bill Hader’s Schwarzenegger impression to the next level Tuesday 2:58 PM
- Wanda Sykes rails against Trump and offers much-needed perspective in ‘Not Normal’ Tuesday 2:41 PM
- Man arrested after allegedly threatening to shoot YouTube employees Tuesday 2:13 PM
- Some House Dems are backing away from the Save the Internet Act Tuesday 1:40 PM
- Thousands sign petition calling for Danny DeVito to play Wolverine Tuesday 1:02 PM
- Jason Mitchell fired from ‘Desperados’ and ‘The Chi’ after misconduct allegations Tuesday 12:36 PM
Google discovered the breach back in March but chose not to disclose it.
Facebook isn’t the only technological giant to have breached users’ trust and privacy. Google just announced that it’s shuttering its social network Google+ after leaving user data vulnerable to abuse by outside developers.
Months after Facebook announced that user data had been accessed inappropriately via political data firm Cambridge Analytica, Google confirmed that hundreds of thousands of Google+ users’ data was exposed in a software glitch. Perhaps even worse than the security issue itself is how Google handled the incident. After discovering the issue earlier this spring, the Wall Street Journal reports, Google decided not to disclose the issue “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Much like Facebook’s Cambridge Analytica scandal, the Google+ incident involved third-party developers potentially having access to users’ profile data. This lasted from 2015 to March 2018, when the issue was discovered and fixed. An internal memo shared with senior executives and viewed by the Wall Street Journal said that if the company disclosed the vulnerability, it could spark “immediate regulatory interest.” In order to prevent snowballing with Facebook’s security woes, Google stayed silent on the issue until now.
Alphabet, Google’s parent company, has now completely shut down all consumer-side functionality of the social network. Thus far, there seem to be no signs of abuse, on top of the fact that Google+ has been a ghost town for years. As some Twitter users have rightfully pointed out, Google tried to downplay this fact in the past but now admits that “90 percent of Google+ user sessions are less than five seconds.”
dark comedy: google plus PR spent five years trying to dissuade writing about the network's absymal usage numbers
now that it leaked everyone's data, google can't get enough of telling people how no one used it https://t.co/iGocHG7vpA
— rat king (@MikeIsaac) October 8, 2018
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesperson told the Wall Street Journal. The company considered “whether [it] could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response.”
The company concluded that none of these thresholds were met, so it chose not to disclose the vulnerability.
Google detailed in a post Monday that it formed a 100-person-strong task force earlier this year called Project Strobe to review third-party access to Google application programming interfaces and services. The unit discovered the Google+ bug, which could affect as many as 500,000 users, including G Suite customers such as schools and businesses. Unfortunately, due to limited activity logs, the investigators were unable to determine exactly who may have been affected and what kinds of data may have been exposed to third-party developers. More than 400 applications may have had access to this data.
Google could now face repercussions such as increased government regulation or class action lawsuits over its failure to disclose this issue in a more timely fashion. For more information on the incident, visit Google’s blog post here.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.