Google+ Closes after Data Leak 500000 Accounts

Google+ Closes after Data Leak 500000 Accounts – Google has announced the imminent closure of Google+ due to low user involvement and a bug that opened up the possibility of personal information leaks to 500,000 accounts. And, although there is no evidence that someone really took advantage of this bug, the company decided to gradually close Google+ to the general public. The closure will last 10 months and should end in mid-2019.

During the audit of the code, which was called the “Project Strobe”, the company discovered a bug in one of the APIs that could lead to leakage of personal data from Google+ accounts. This bug allowed other applications installed by the user to access the Google+ API to read non-public information of his friends, such as name, age, gender, email address and place of work. No other data that the user submitted to Google+, including posts, messages, G Suite (Google Apps for Work) content and phone numbers, is affected by this vulnerability.

The bug existed from 2015 to March 2018, when it was discovered on Google and immediately patched. Since Google only stores API logs for Google+ for two weeks, it’s impossible to determine if anyone has managed to use it all the time, but nothing suspicious happened during those two weeks. It is noteworthy that the internal committee of Google decided not to disclose information about it.

The second reason for the closure of Google+ is its unpopularity among users, the subject of numerous jokes. In an official statement, company representatives mention that, despite all the efforts that developers spend on maintaining the social network, almost no one uses Google except the Google employees, and user involvement is very low: 90% of sessions last less than five seconds.

So, Google+ will be gradually closed to the general public and transferred to internal use over the next ten months.

Recently, due to a set of bugs when using the Facebook function “See how” , accounts of 50,000,000 users were compromised : the attackers abducted other people’s access tokens having rights in the Facebook mobile application.

In particular, fearing comparisons with this case, Google did not disclose information about the vulnerability of Google+. According to a Google spokeswoman, the bug case was not a dangerous enough problem to provoke an extensive investigation.


Leave a Reply