The Google+ APIs to be shut down within 90 days

Dec 10, 2018 17:44 GMT  ·  By

Google found a new bug in the Google+ People API exposing the personal information of roughly 52.5 million following a software update introduced during November 2018.

"With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days," said David Thacker, G Suite Product Management VP. "In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019."

Google discovered the bug in the Google+ People API during ongoing standard testing procedures, and it fixed it within a week of the issue being introduced.

According to Thacker's post, no unauthorized third party compromised the company's systems and no evidence that the Google+ application developers with access to the exposed data for six days were aware of it or used it fraudulently in any way.

"With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public," Thacker added.

The apps that had access to the exposed data were also able to view the personal profile data privately shared and received from other Google+ users besides the personal information of users that were directly affected by the Google+ API issue.

During October Google found another API issue exposing the info of 500K profiles

No passwords, financial data, national identification numbers or any other similar sensitive data was left defenseless by this bug according to Google, therefore the 53 million users impacted will not be risking any identity theft attacks because of this data leak.

"We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. Our investigation is ongoing as to any potential impact to other Google+ APIs," concluded Thacker.

Google announced another data breach incident on October 8, with another bug being found in the same Google+ API during March 2018, known to have been active between 2015 and March 2018 and exposing personal info like name, e-mail addresses, occupation, age, places lived, birthday, employers/organizations, and gender of 500,000 profiles.

Following the last data leak event, Google decided to push the pedal to the metal and accelerate the sunsetting of the consumer Google+ platform, changing it from August 2019 to April 2019.