A new vulnerability has been found in the Google+ API system that allowed app developers to access around 52 million users data. The vulnerability was discovered by Google’s security team, which was a data leak in their API system.
The data leak that could have allowed app developers to access Google+ full name, email address, age, occupation, skill, date of birth, gender, photos, image URL, relationship status, and other private information. The good news is that passwords, national identification numbers, and financial data were not in the data leak.
However, Google stated that there is no evidence that the API system had been used in any way by app developers or aware of such vulnerability. Therefore, users don’t need to be worried about the leak. David Thacker, the VP Product Management at G Suite made the following statement:
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019,” wrote Thacker.
Google security team are still in search for other vulnerabilities in it’s Google+ APIs, while Google is trying to reach out to all enterprise customers and consumer users that were impacted by the breach. David Thacker concluded the following:
“We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs.”
Google+ is to shut down by April 2019, whereas users will no longer be able to access their accounts on the Google+ website and mobile apps from that date forward.