Google exposed user data, feared repercussions of disclosing to public

Google exposed personal data of almost 500,000 and didn't disclose it

According to a report in the Wall Street Journal, Google became aware of the hole in its security back in March of this year and patched it, but then failed to inform the users who were affected. And an internal memo noted that while there wasn't any evidence of misuse on behalf of developers, there wasn't a way to know for sure whether any misuse took place. The company has said it hasn't found any evidence that the exposed data was misused or inappropriately accessed by any third party. It did not include phone numbers, the content of emails or messages, or other kinds of communication data.

Unfortunately, whether you've forgotten about it or not, if you have a Google+ account, your data may have been put at risk. "None of these thresholds were met in this instance", the company said.

Google is also going to be limiting access to the apps seeking access to your SMS and Gmail data. There is no suggestion that any credit card or bank information was exposed, but exposing private information about individuals can make them more vulnerable to fraud.

Soon after the article was published, Google engineering fellow and vice president Ben Smith disclosed the bug and Google's plans to shut down Google+ in a blog post. In the company's own words, "90 per cent of Google+ user sessions are less than five seconds".

Allegations of the improper use of data for 87 million Facebook users by Cambridge Analytica, which was hired by President Trump's 2016 USA election campaign, has hurt the shares of the world's biggest social network and prompted multiple investigations in the United States and Europe.

The API allowed users to grant access to their and their friends' profile information to apps.

Smith said that "the Profiles of up to 500,000 Google+ accounts were potentially affected". It opted not to report it, "in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage".

The firm has also promised to institute new security rules, including limits around the types of use cases that are permitted to access consumer Gmail data. As a result, all European Union data protection authorities have jurisdiction to engage with Google on the breach. Now, only apps that fit a particular use case will be able to access these permissions.

Google, replying to requests for comment, defended its decision not to disclose.

Related:

Comments

Latest news

SpaceX launches Argentine satellite, posts first ground-landing on West Coast
A Falcon 9 rocket with a pre-flown first stage launched from California's Vandenberg Air Force Base tonight (Oct. 7) at 10:21 p.m. Minutes after launch, the rocket's second stage separated from the first-stage booster and continued rising spaceward.

Kavanaugh on track for his Supreme Court robes
Senate Majority Leader Mitch McConnell, R-Ky., said that the vote was "a pivotal day for us here in the Senate". Lisa Murkowski turned against Supreme Court nominee Brett Kavanaugh quietly, uttering a single word: "No".

Pompeo, Chinese counterpart exchange criticism during meeting in Beijing
Pompeo did not meet Kim on that trip. "South Korea alliance and secure the withdrawal of the 28,500 US troops based in the South". Pompeo tweeted Monday that he was heading to China to work on a "final, fully-verified" denuclearization of North Korea.

Jadon Sancho rewarded for bold move to Borussia Dortmund with England call-up
The 21-year-old has scored three Premier League goals and assisted a further two since his summer move from Norwich City. This year in the Championship he's created more chances than any other player in the league.

Other news