According to a report, Google exposed the private data of a large number of users in its Google+ social network and opted not to disclose the issue.
Alphabet Inc’s Google exposed the private data of a large number of users in its Google+ social network and opted not to disclose the issue. This was partly due to fears of regulatory scrutiny, the Wall Street Journal said, citing unnamed sources. A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, the report said, citing documents and people briefed on the incident.
The report said the company is planning to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, as part of its response to the incident. The report added that a memo, prepared by Google’s legal and policy staff and shared with senior executives, warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.
The affected data was limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.
Shutdown of Google+
Google said in a blog post that it had discovered and patched the leak in March of this year and had no evidence of misuse of user data or that any developer was aware of or had exploited the vulnerability. Google will shut down the consumer version of its social network Google+ after announcing that data from up to 500,000 users may have been exposed to external developers by a bug that was present in its systems for more than two years.
The Wall Street Journal reported earlier that Google had opted not to disclose the issue with its application programming interfaces (APIs) partly due to fears of regulatory scrutiny, citing unnamed sources and internal documents. Google said it had reviewed the issue, looking at the type of data involved, whether it could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take.
“None of these thresholds were met in this instance,” it said. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
Under the European Union’s General Data Protection Regulation (GDPR), if personal data is breached, a company needs to inform a supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of users.
Google said a software glitch in the social site gave outside developers potential access to private Google+ profile data between a major redesign in 2015 and March 2018, when internal investigators discovered and fixed the issue.
According to the Wall Street Journal, Google CEO Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision.