Google today announced that it plans to shut down its less than popular social media platform Google+ earlier than expected in lieu of a second data leak which happened in November.
The leak which has been recently discovered was confirmed by David Thacker the vice president of product management at Google in a blog post. The bug was discovered while Google was testing a software update introduced in November. Data of over 52.5 million people was left in the public domain for approximately 6 days but Google claims that no third party party compromised their system and the data wasn’t misused.
Furthermore Thacker added:”We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. Our investigation is ongoing as to any potential impact to other Google+ APIs.” Even though Google has confirmed that no other data except the name, email, occupation was leaked, skepticism remains high considering the fact that the bug remained hidden under the company’s radar for months prior to its discovery.
However, this is not the first time Google has lost control of users information. Earlier this year in March, Google discovered a bug which was embedded in their Application Programming Interface (API) and had access to data which was earlier only used by third party apps as a way to customize advertisements. Over 500,000 users had their confidential data leaked to more than 450 third party applications which went unnoticed for a long time. Upon revelation, Google launched Project Strobe in a attempt to curb the damage and acknowledge the leak to the public.
However, this paints a much more dangerous picture of the privacy of users being invaded without any consequence to the company. Despite promises to keep information secure, leak after leak has caused public faith in Google to slowly waver.
Debate remains in the online world about the value of ones information and how easily people give it up for convenience. Davey Winder who has been a technology journalist for publications like Forbes,PC Pro, The Sunday Times and The Infosecurity Magazine had the following to say about this: “I think that most people perfectly willingly share their data in return for whatever benefit they see in the service concerned. However, I also know that most people have no real idea of the value of that shared information – to Google itself in this case, or to any threat actor that might be able to access it.
Shutting down of Google+ was a long time coming considering its poor number of user base and limited functionality. However, the social networks ties to its search engine algorithm allowed the bug to openly expose that information online to applications and even possibly the developers. Davey had the following to say about the closure of Google+ and future leaks: “There were API vulnerabilities that could have allowed the developers to access data that was not intended to be seen by them doesn’t equate to the higher echelons of security, especially as that data was not of the login/sensitive nature. It is indicative of a flawed incident response workflow at best. All of this said, I suspect that both incidents have less to do with the closure of Google+ than poor take-up. These ‘breaches’ might have accelerated the closure, but that’s about all.”
Google’s CEO Sundar Pichai is set to appear before an Intelligence Committee in the US today. Out of the many possible topics in discussion today, the controversial data leaks in 2018 remain a key issue.