Google+ to shut early after second bug revealed

James Marshall
December 11, 2018

This expedited shutdown will undoubtedly upset some of Google+'s most loyal users (and the platform's third-party developers), but it sounds like it's for the best. This includes the user's name, email address, occupation, age, and whatever else was entered into Google+.

Google claims the flaw was only active for six days and that developers with access to the specific API were not aware of the exposed data or have done nothing with it.

To avoid this for as many users as possible, Google will continue to provide additional information and instructions on how to safely and securely migrate their data on the platform.

Back in October, Google announced that it would shut down its Google+ social network, following the discovery of an API bug that could have led to user data being stolen.

Another day, another nail in the coffin of the now defunct consumer facing side of Google+. The search giant had initially announced it would close down Google+ in August of next year, a deadline that itself had been established because the social network was the inadvertent cause of a security lapse.

The latest breach allowed developers to see profile information on 52.5 million users, even if set to private, using one of Google's APIs for six days in November, the company said.

With the discovery of this new bug, we have made a decision to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days.

Google discovered the privacy-invading glitch following its routine testing procedures.

The latest Google+ security vulnerability affects the People API that enables apps to view public profile information from consenting users.

Google is expected to shut down Google+ APIs in the next 90 days, and it will now be shutting down the service itself much earlier than expected.

"We understand that our ability to build reliable products that protect your data drives user trust", Google says by way of concluding its blog post. Google also said its systems were not compromised and had no evidence that developers with profile information access were either aware of it or abused it.

Other reports by

Discuss This Article