New flaw prompts Google to shut down Google+ for consumers within 90 days

(Thomas Hawk / Flickr)

Share

Written by

Google will shut down the consumer version of Google+ months sooner than planned after discovering a security flaw that impacted the privacy of some 52.5 million users, the company announced Monday.

Google said in October that it would shut down the social media platform in August 2019, while also disclosing a bug that exposed non-public profile information. Monday’s announcement brings the farewell date for Google+’s consumer platform up to March 2019.

The company said that an update to the platform last month inadvertently included a bug that affected a Google+ application programming interface (API). The bug existed for six days, Google said, and there’s no indication it was exploited before the company discovered it during standard testing procedures. In comparison, Google said it discovered the last Google+ API bug in March and disclosed it in October.

The API is called “People: get” and it allows for developers using Google+ to request basic information associated with a user profile, like name, age, job and email address. But Google said it found that the API’s permissions were misconfigured in a way that allowed apps to request this data even if a user profile was not public.

“No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way,” Google said in a blog post.

Since its launch in 2011, Google+  has disappointed as a potential competitor to social media giants like Facebook and Twitter. Still, the  company said that the platform is still is useful for enterprise customers.

“Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network,” the company said in October.

Monday’s announcement comes a day before Google CEO Sundar Pichai is scheduled to testify before the House Judiciary Committee about the company’s data collection practices.

-In this Story-

API, Google, vulnerabilities, vulnerability disclosure
TwitterFacebookLinkedInRedditGoogle Gmail