Another huge data leak has been revealed by Google, and it may have affected around 52.5 million people.A Google+ data leak will see the platform closed early, after more user data was exposed. This news has been confirmed by Google via a blog post, an investigation is still in progress.It is understood that the bug was identified with an update to its API for the service.
How serious could the leak be?
No evidence that the data was misused has been found by Google. However, hypothetically speaking, developers had access to the information for six days.
It is understood that user passwords were not exposed by the leak. Accounts cannot be compromised by hackers using these details directly. But there is a fear that theoretically malicious users could use the details to trick authentic users into handing over details.
Data that could have been leaked may include real names, ages and email addresses. Even if users had set their profile to private, they would still have been affected.
Since the news broke on Monday December 10, leading publications have reminded users that companies like Google will never ask for personal details over email.
What has Google said?
David Thacker, vice president of Product Management at G Suite, published a blog post titled ‘Expediting changes to Google+’. It read: “In October, we announced that we’d be sunsetting the consumer version of Google+ and its APIs because of the significant challenges involved in maintaining a successful product that meets consumers’ expectations, as well as the platform’s low usage.
“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. “We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced.”
The statement, “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
“With the discovery of this new bug, we have decided to expedite the shutdown of all Google+ APIs; this will occur within the next 90 days.” It added: “We have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognise there are implications for developers, we want to ensure the protection of our users.”
Timing couldn’t be worse
The Mirror reports that ‘the timing couldn’t be worse’ for Google, because of a number of reasons.
- Firstly, the paper references the new strict European rules on data. GDPR laws mean that Google could be fined up to 4 per cent of its global turnover.
- The Mirror goes on to say that if ‘the harshest penalty’ was imposed, which it acknowledges is very unlikely, it could be fined as much as $4billion for the leak.
- Unfortunately for Google the latest announcement comes after the introduction of strict new European rules on data.
- GDPR laws mean that Google could be fined as much as 4 per cent of its global turnover.