The tech-giant suffered a massive data breach, exposing the private data of hundreds of thousands of Google+ users to third party developers. According to Google, a security vulnerability in one of Google+’s People APIs enabled third-party developers to access data for more than 500,000 users that included their usernames, email addresses, date of birth, occupation, profile photos, and gender-related information. Google+ servers don’t keep API logs for more than two weeks, therefore the company cannot confirm the number of users impacted by the vulnerability.
The vulnerability was present since 2015 and got fixed after Google discovered it in March 2018, but they chose not to reveal the breach to the public. Admitting that Google+ failed to gain popularity, Google decided to shut down its social media network. “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” Google said. However, Google+ will continue as a product for Enterprise users.
Furthermore, Google has updated their privacy controls in order to prevent malicious apps from tricking users into giving away their information via powerful permissions. Now, instead of apps bundling permissions in one request, they are separated and ask the users for permissions one at a time so the user knows every detail on what they share with the app.