On October 8th 2018 Google announced Google Plus shut down due to a security breach that was provoked by a software bug. This bug gave developers access to more than 500,000 private profiles data. According to Google’s vice president Ben Smith, the data was exposed through an API used by third party apps.
Google’s Vice President announcement stated that ‘over the years we’ve continually strengthened our controls and policies (…) about data privacy and security. In this announcement, they also established four findings and detailed the correspondent actions for them:
- Finding 1: There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.
Action: Google is shutting down Google + for consumers.
- Finding 2: People want fine-grained controls over the data they share with apps.
Action: Google is launching more granular Google Account permissions that will show in individual dialog boxes.
- Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.
Action: Google is limiting the types of use cases that are permitted.
- Finding 4: When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.
Action: Google is limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
The bug was discovered in March 2018. According to an article published in the Wall Street Journal, Google didn’t make an earlier announcement because they feared regulatory scrutiny. To this day Google says there is neither evidence of developers being aware of the security bug nor data being misused.
Google Plus: The Social Media that Could Not Be
After this scandal Google admitted that during its existence Google Plus failed to engage users and developers massively. In fact, 90% of users sessions lasted 5 second or less, resulting in a great fiasco for most of the consumers on the internet. Despite all this, Google insisted in investing on efforts on their failed social media, like the implementation of data to customize search results basing on those connections users have given a +1. Such efforts never really prospered, and it’s very likely Google would have eventually shut G+ down. The security breach was just the coup de grace for the social media that could not be.
Understanding G+ Security Breach
Following their security audit, Google discovered that the security bug meant that apps had access to profile fields that, although they were not marked as public, were shareable among users. These were static, optional fields like name, email, gender, age and occupation. No other information that users may have posted to G+ was compromised in the security breach. The company discovered the bug in March and patched it immediately. However, more than 500,000 profiles were compromised.
To this date Google can’t confirm which specific accounts were impacted by the breach. The company discovered no evidence of developers being aware of the bug, abusing the API or even misusing the data uncovered through it. Google confirmed they will be shutting down G+ in a period of 10 months, and predicted the final close up for the end of August 2019.
Website Depot is a Full-Service Digital Marketing Agency located in Silverlake, California. We are Premier Google Partners and are up to date with everything related to Google, Social Media Marketing, Technology, Web Development and SEO. For more information about Google + and many other platforms call us at (888) 547-9540.