Google+ has permanently shut down after The Wall Street Journal discovered an unreported major privacy breach from last March. Apparently, a software vulnerability gave outside developers access to the personal and private information of Google+ users. What’s more shocking is that the vulnerability existed since 2015.
What Happened with Google+
According to a statement issued by Google, which came out after The Wall Street Journal‘s report, their review of Google+ showed a bug in one of the APIs. This bug apparently compromises the private and public data found on the Google+ Profile fields. Google ensured that the data that users posted or connected to Google+ “or any other service” was not compromised.
Despite their review of the service, Google wasn’t able to tell how many users were affected. They also weren’t able to tell if any developer/third-party had taken advantage of this vulnerability. According to Google:
“We Made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug.”
They did, however, run an analysis on the API’s logs for 2 weeks before fixing the bug in March 2018. The results were a little alarming: “The Profiles of up to 500,000 Google+ accounts were potentially affected”. Google’s analysis also showed that up to 438 apps may have used this API. However, they found no evidence of any developer knowing about this vulnerability.
The major issue in question here is not the vulnerability, per say, but how Google chose to handle it. Google fixed this bug in March 2018, but until now no one had heard about it. According to The Wall Street Journal’s sources, Google opted not to notify it’s users because of “fears that doing so would draw regulatory scrutiny and cause reputational damage”.
What the Google+ Fail Means to Big Tech Companies
Just as Facebook’s Cambridge Analytica scandal sent shivers down the spines of Big Tech everywhere, Google+’s failure won’t be any different. In fact, Google’s Cheif Executive, Sundar Pichai, is already planning to appear in front of GOP lawmakers this Friday in a private meeting.
Pichai is appearing in a public hearing after this year’s November elections. House Majority Leader, Kevin McCarthy (R., Calif) told The Wall Street Journal that “Google has a lot of questions to answer about reports of bias in its search results, violations of user privacy, anticompetitive behavior and business dealings with repressive regimes like China”.
In truth, Google’s Google+ mishap is another notch in a series of privacy breaches surrounding Big Tech companies. It seems like governments all over the world are starting to hold these companies liable for the methods they use to ensure user privacy. Who knows, we might soon be seeing a more international version of the GDPR. We can even look forward to more comprehensive data collection regulations on local levels.