Google is having a tough time with its apps. Last week, the company announced plans to shut down Allo, one of its messaging apps, “Allo.” Now the search engine giant has revealed another Google+ data leak following the one which occurred in October. The company has now announced plans to shut down API access to Google+ within the next 90 days — much earlier than originally planned.
This latest Google+ data leak impacted 52.5 million users. The bug allowed apps access to user information such as name, email address, occupation and age. Even users who set their profile to be private instead of public were affected.
This is not the first leak of this kind. Just months ago, another Google+ vulnerability exposed private user data to developers, going back three years. This bug was discovered much earlier. The Wall Street Journal noticed it first, and then Google confirmed it later. At the time, Google wrote that there was no evidence of third-party app developers being aware they could wrongfully access profile information on the social network. The old bug affected an API which hundreds of developers access; it has been active since 2015.
When the leak occurred, Google announced its plans to shut down the consumer version of Google+, not just because of the leak, but also due to low usage and engagement. This newer Google+ data leak was discovered between Nov. 7 and Nov 13; it was live only for six days following the November update.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” Project Management VP David Thacker wrote in a blog post. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”
The bug was discovered while Google was testing its standard procedure. The company also said app developers weren’t aware of the bug, and there were no signs that any of them were taking advantage of it. The company also started notifying users and clients who were hit by the leak.
“We understand that our ability to build reliable products that protect your data drives user trust,” Thacker wrote. “We have always taken this seriously, and we continue to invest in our privacy programs.”
Google plans to continue operating Google+ as an enterprise product for companies which subscribe to its G Suite service.