Google+ may long be dead to us, but it’s still radioactive. Google announced that a buggy API may have been leaking personal data of hundreds of thousands of users to potential bad actors.
So long Google+. You really won’t be missed. Multiple reports mention that Google suffered a critical user data breach and has made the executive decision to shut Google+ down once and for all. The breach was spotted in Google+ API which let unauthorized users not only obtain data from existing users, but also from their friends. According to Google, profiles of up to 500,000 Google+ accounts were potentially affected. Google’s analysis showed that up to 438 applications may have used this API.
To make things even worse, Google failed to disclose the data breach for months after it occurred. The timing of the data leak is of particular interest; According to The Guardian, it was initially reported in March 2018, around the time Facebook was called to testify in front of a technologically benighted Senate, and while the platform was preparing for the rollout of EU’s GDPR requirements.
In brief, Google decided to shut down the platform and sweep any discrepancies under the rug. Any disclosure could result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal.” Another source claims that the bug may have been leaking data since 2015.
This is the final nail in Google+’s coffin, which Google quietly started dismantling back in 2015, first by unlinking it from YouTube, then by making individual features available to other core products, and finally by launching a redesign which was never quite the success.
Here’s the upside: Google will now offer more customized control over who gets access to what, when it comes to their Google properties and apps. Going forward, consumers will get more fine-grained control over what account data they choose to share with each app. Instead of seeing all requested permissions in a single screen, apps will have to show you each requested permission, one at a time, within their own dialog.