Another day, another nail in the coffin of the now defunct consumer facing side of Google+.
A new report from Google surfaced, that following the October reveal of a security flaw in a Google+ API which exposed users personal data, just a month later the company found an additional flaw that will now force it to shutter the service much sooner than its August 2019 timeframe.
The latest undisclosed flaw found by Google could have put up to 52.5 million users at risk of exposed personal information that could include email addresses, birthdates, occupations, names and ages.
We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.
Google claims the flaw was only active for six days and that developers with access to the specific API were not aware of the exposed data or have done nothing with it. Furthermore, Google also explains that the leak has been patched by the company and should result in secure service as usual
Going forward, Google plans to shutter the Google+ 3rd party accessible API’s in the next 90 days and eventually turn out the lights to the consumer facing portion of the platform in April 2019 instead of the August 2019 date it revealed after the first breach.
Surprisingly, Google adds a note to its enterprise customers alongside the annoucement of a data breach that reads,
We are in the process of notifying any enterprise customers that were impacted by this bug. A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered.
G Suite administrators are always in control of their users’ apps. This ensures that G Suite users can give access only to apps that have been vetted and are trusted by their organization. In addition, we want to reiterate that we will continue to invest in Google+ for enterprise. More details were announced in October.
Needless to say, Google’s social network platform experiment has comes to a rather unceremonious end.Further reading: API, Google, Microsoft