How Google+ put thousands of users at risk

How Google+ put thousands of users at risk

It said it had no evidence that any third-party developer was aware of the bug or had misused profile data.

The data involved was limited to optional profile fields, including name, age, gender, occupation and email address, Google said.

Google discovered and immediately patched this bug in March 2018.

The exposed information did not include posts, messages or telephone numbers, a Google spokesperson said.

A Wall Street Journal report published at the same time with Google's blog post claimed the API bug was far worse, and might have leaked user data since 2015, being only discovered when Google engineers started prodding Google sites for privacy leaks in preparation for the EU GDPR deadline. The software flaw affected how the social network, created to rival Facebook but never seriously challenging it, interacted with third-party applications.

Among other changes, the company is updating its User Data Policy for the consumer Gmail API in order to limit apps that may seek permission to access consumer Gmail data. "Our goal is to support a wide range of useful apps, while ensuring that everyone is confident that their data is secure".

"Had this breach occurred just a few months later, Google could be subject to strict GDPR fines for not keeping user data safe".

Google's own social media platform i.e. Google+ is now shutting down permanently for consumers.

Google ran an internal test and found that as many as 496,951 users may have had their data compromised, according to the Wall Street Journal.

"The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds", said Google, which is headquartered in Mountain View in northern California, Xinhua reported.

The news comes just two weeks after Facebook revealed almost 50m users had been affected by a similar privacy lapse.

Google has declined to comment on why it held off reporting the breach.

Besides low usage, Google+ engagement rates are also defeating, with 90-percent of all sessions lasting for under five seconds, according to Alphabet's subsidiary. Google executives were concerned about appearances, particularly as Facebook is under fire after an analytics firm allegedly misused the data of tens of millions of users.

Now, "Only apps directly enhancing email functionality ... will be authorized to access this data", Smith assured.