- Google disclosed that it discovered a critical flaw in one of the Google+ API impacting approximately 52.5 million users.
- The bug allows applications to view users profile information such as name, email address, occupation, and age.
- The Google decided to shut down consumer version of Google+ four months earlier than planned due to the discovery of flaw.
- Google confirmed no sensitive data such as Financial data, national identification numbers, passwords were exposed in the incident
Google has announced that it will close consumer version of Google plus in April 2019 instead of August 2019 due to the discovery of new security flaw.
Google disclosed a new security flaw affecting a Google+ API which allowed applications to view profile information of users such as name, email address, occupation, and age even if it is set to not public. “We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced.”
The vulnerability occurred due to the software update introduced in the Google+ People API in November and impacts approximately 52.5 million users. Google confirms that the bud did not expose users financial data, national identification numbers, passwords or any other sensitive data. The investigation is still ongoing and the company did not find any evidence inadvertent access to the data by third-party app developers. Google said they have started notifying customers who were impacted by the flaw.
“We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. Our investigation is ongoing as to any potential impact to other Google+ APIs.”
Earlier Google announced to shut down Google plus a bug exposed account information of 500,000 users. A flaw in one of the Google+ People APIs allowed third-party apps to access private information of Google+ users.