Following the privacy backlash that came after a data breach was disclosed, Google announced the shutdown of Google+ for consumers. The user data security bug, which Google apparently failed to reveal after it was discovered in late March 2018, is thought to have affected the privacy of around 500,000 Google+ accounts to date.
According to experts and information published by the Wall Street Journal, Google did not disclose this massive API vulnerability in its social media platform over the past six months, out of fear of reputational damage and strong user scrutiny. Google has, however, said in a statement that none of the developers at the company were cognizant of the bug that might have been violating the data privacy of Google+ users.
Lukasz Olejnik, a cybersecurity veteran at the W3C Technical Architecture Group, says, “Hiding such massive user data exposure is dangerous to users, and trying to keep the cat in the bag for longer is not at all a sustainable strategy for a company like Google.” Moreover, Marc Rotenberg, President and Executive Director of the Electronic Privacy Information Center (EPIC), wonders whether Google has really made the necessary and sufficient efforts to address this Google+ episode.
As indicated by a memo cited by the Wall Street Journal, Google+ has been giving outside developers access to thousands of its user profiles since 2015. As reported by CNBC, the information involved in the breach includes usernames, gender, birth dates, email addresses, profile photos, relationship status, occupation, and locations.
Although the company first became aware of the privacy bug with the onset of Project Strobe in March this year, the authorities chose to remain silent rather than reveal the damage that could already have been done to the private data of users who had shared their profile information only with friends.
“Project Strobe is one of Google’s regular internal reviews and conducts a deep dive review of Google’s third-party developer access. Our top priority, in this case, was to stringently review all the APIs related to Google+, which subsequently revealed that all the consumer controls and APIs associated with Google+ are extremely challenging to maintain and develop,” said a Google spokesperson in the company’s official statement.
He further added, “While Google has planned to close all the consumer functionalities of Google+ over the next 10 months, we consider this as one part of a broader review of the company’s privacy practices. With this announcement, Google will now taper the third-party developer access to data on Gmail and Android smartphones.”
In the same breath, the spokesperson also announced the company’s approach to data privacy protection going forward; more about it is available in Google’s latest blog post.