New Google+ Bug Moves Site End Date Forward

Written by

Google is speeding up the closure of its unpopular social networking platform after discovering a new bug affecting over 52 million users.

The tech giant announced in October that it would be shutting Google+ in August 2019. However, that date has been brought forward to April next year, while its APIs will disappear “within the next 90 days,” according to G Suite product management VP, David Thacker.

The reason appears to be a newly discovered vulnerability in the API which the firm says impacts roughly 52.5 million users.

“With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile — like their name, email address, occupation, age — were granted permission to view profile information about that user even when set to not-public,” Thacker explained.

“In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.”

On the plus side, however, no developers were able to access information such as financial data, ID numbers, passwords, or similar which could have been used for identity theft. Google also said it has no evidence any developers abused the access they did have to users’ non-public information.

Thacker said Google was in the process of notifying any enterprise customers affected by the bug, with a list of impacted users being sent to system administrators.

The original vulnerability disclosed in October shared non-public profile information including name, email address, occupation, gender and age with others. Around 500,000 users were thought to be affected.

What’s hot on Infosecurity Magazine?