Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Just die already.

Graham Cluley
Graham Cluley
@[email protected]

Google admits Google Plus hit by *another* privacy flaw, says it will shut it down four months sooner

Here’s a quick recap.

Between 2015 and March 2018, there was a serious privacy hole in the Google Plus social network that meant users’ names, email addresses, dates of birth, genders, profile photographs, places lived, relationship statuses, and occupations were exposed to third-party app developers through an API bug.

In March 2018, Google chose not to go public that it had been failing to protect its users’ privacy for years, fearful that it would find itself in the media’s headlights when arch-rival Facebook was being quite rightly being flayed over Cambridge Analytica.

Sign up to our free newsletter.
Security news, advice, and tips.

In fact it took until October 2018 for Google to finally admit that there had been a problem, and that approximately half a million Google Plus profiles had been potentially affected in just the two weeks prior to patching the bug, and 438 separate third-party applications having access to the unauthorised Google Plus data.

In light of the revelations, and presumably to take the steam out of the attacks it knew it was about to receive from the media and regulators, Google announced that it would be closing down Google Plus by the end of August 2019.

Google’s failure to protect user data, and its subsequent cover-up, would be bad enough… but now there’s more bad news.

Google has now admitted that Google Plus has suffered another security failure, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.

So, even if you had your profile information – such as your name, email addresss, occupation, etc etc – set as “not-public”, the information could be accessed by unauthorised parties.

According to Google, the flaw was introduced through a software update in November and was spotted less than a week later. The search giant says that it has seen no evidence that any app developers were aware of the flaw or misused it.

Google says it will now shut down Google Plus in April 2019, five months sooner than the previous announcement suggested:

With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.

Good riddance Google Plus.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure”

  1. mark jacobs

    Soon, black hats will have a cornucopia of information that'll allow them much easier identity theft. Possibly even now!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.