Google became the latest tech giant to disclose a breach of user data yesterday after admitting that its Google+ social network was hacked.
According to an article in The Wall Street Journal, the company exposed data belonging to hundreds of thousands of users. It chose not to reveal the details as it feared damage to its reputation,
So, here is what exactly happened.
Between the year 2015 and March 2018, outside developers would have been able to possibly access personal Google+ profile data due to a software bug in the site. Google decided not to notify the social network’s users once the breach was discovered. An internal memo warned that revealing the hack could result in a “regulatory interest” and lead to comparisons to the other social media giant Facebook in the wake of the Cambridge Analytica scandal.
Users have the ability to grant access to their profile data to Google+ apps, via the API. However, the bug meant that these apps also had access to profile fields shared with the user, but were not marked as public. Google says that this data is limited to “static, optional Google+ profile fields” which includes name, email address, occupation, gender and age. The tech giant says that it does not include any other data one might have posted or connected to Google+ or any other services, like Google+ posts, Google account data, messages, phone numbers or G Suite content.
Now since Google keeps the API’s log data for only two weeks, it says that it cannot confirm which users were impacted by this bug. After running a “detailed analysis” over the two weeks prior to fixing the bug, Google thinks the number of profiles that might have been potentially affected is close to 500,000.
The company added that it found no evidence that any developer was aware of this bug, or abusing the API and said that it has found no evidence that any of the profile data was misused.