Google data breach undisclosed, “consumer” Google+ to be shuttered as result

Google / Security / Tech
Google-Plus-ashut-down

In addition to the privacy breach, Google mentioned low user engagement as reasons for shutting down “consumer” Google+

According to a damning report from the Wall Street Journal, a Google date breach centered around their Google+ social media network was detected and then remained undisclosed by the search giant. As a result, Google is expected to announce new data privacy measures, one of which includes “permanently shutting down all consumer functionality of Google+.”

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As we were writing up this news, a Google post appeared confirming that “consumer Google+” will be shutting down in August 2019. While the data breach was one contributing factor, an internal analysis of Google+ consumer use during the security analysis basically put the final nail in Google’s now failed social media site.

The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.

The data breaches happened between 2015 and March 2018 through a software glitch. The glitch potentially gave outside developer access to private Google+ profile data. According to the WSJ, the breach was not disclosed at the time to prevent “immediate regulatory interest” and comparisons to the Facebook/Cambridge Analytics scandal.

During their audit, dubbed Project Strobe, Google found that a potential 500,000+ Google+ users were affected by the bug, however, they also found no evidence that developers were aware of the bug.

We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.

We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.

Still, even though they found no evidence that the API bug was not accessed or Profile data was misused, the bug should still have been disclosed to the public. 

For those of us who enjoy and use Google+ on a daily basis, a side effect of the Project Strobe review confirmed low user engagement on the social media site and, as one of four action items Google is taking, will be shuttered in 10 months.

This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.

[…]

To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.

The rumoured death knell for Google+ has been ringing for some time now and gained traction earlier this year when both Google France and Google’s Project Loon both ditched the social media site.

On the flip side, Google has found enterprise engagement with Google+ valuable for companies. As a result, they have decided to focus on Google+ as a “secure corporate social network” and will be sharing more information in the coming days on new features “purpose-built for businesses.”

In addition to shuttering Google+, the company is also implementing new privacy and security features including:

  • launching more granular Google Account permissions that will show in individual dialog boxes
  • limiting the types of use cases that are permitted
  • limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API

You can read the full results of their report as well as details about the new security features in the source link below. If you’ve been following us over on Google+ over the years, we thank you for your support. We will still post there until the bitter end but you can also follow us on Facebook or Twitter.

What do you think about the WSJ report and the fact that Google+ will be shutting down as a result? Are you going to be moving to Facebook, Twitter, or somewhere else? Let us know in the comments below or on Google+, Twitter, or Facebook.

  Source: WSJ  Source: Google
Comments
To Top