[ad_1]
By the end of next August, Google+ will be a goner.
Stephen Shankland / CNET
A vulnerability in the social network exposed to the 500,000 people between 2015 and March 2018, the search giant acknowledged Monday.
Google said it was no evidence of misuse. Still, as part of the response to the incident, Google plans to shut down the social network permanently.
The company did not disclose the vulnerability because it did not want to prompt regulatory scrutiny from lawmakers, according to a report Monday by The Wall Street Journal. Google CEO Sundar Pichai was briefed on the decision to not disclose the finding, after an internal committee had already decided the plan, the Journal said.
Google said it was a part of an internal review called Project Strobe, an audit that was made by third party software developers. The bug gives you access to information on a person's profile that can be marked as private. That includes details like email addresses, gender, age, images, relationship statuses, places lived and occupations. Up to 438 applications on Google+ had access to this API, however Google said it was not obvious any developers were aware of the vulnerability.
"Ben Smith, Vice President of Engineering, said Monday in a blog post," The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations. "Given these challenges and the very low usage of the consumer version of Google+, we are going to the consumer version of Google+."
Watch this:
Google bug exposed data of 500,000 Google+ users
1:35
The news comes as Silicon Valley companies have been polled for their data collection practices. Facebook analytica scandal, in which a UK-based digital consultancy harvested data on 87 million Facebook users without their permission.
Google has already drawn controversy over its data collection practices. In July, the company was criticized after reports that employees for third-party email apps could read your email if you integrated those apps with your Gmail account. Google was hammered back again when the Associated Press revealed the company was tracking users 'locations even after they'd turned off their phones' location history setting.
Last month, Google Chief Privacy Officer Keith Enright – Apple, Amazon and AT & T – testified before the Senate on privacy practices in Silicon Valley. Google CEO Sundar Pichai reportedly is expected to take over the US midterm elections in November.
Google+ launched with much fanfare in 2011, as well as the search giant's answer to Facebook. But the social network never gets traction among consumers. Google will probably be one of the most popular features, including Hangout chats and its photo capabilities, and put them into standalone apps. On Monday, Google said 90 percent of Google+ sessions today last less than five seconds.
The search giant said it will go down to the end of August 2019 to give people a chance to migrate their information and get used to the transition. After Google announced the social network's shutdown, the people who helped launch the product said the time had come to end it.
"As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is … FINALLY," tweeted David Byttow, to train Google engineer.
As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is … FINALLY.
– David Byttow (@davidbyttow) October 8, 2018
Specifically, the issue revealed Monday through one of the Google+ "People" APIs, a developer tool available to third-party app developers. Still, outside app makers were not recommended to private profile information. The API was designed to only keep logs for two-week periods. Even in that short amount of time, Google's audit found that nearly half a million Google+ accounts could have been affected in just 14 days' worth of analysis.
The company said it is often not affected, but it is not affected by it. The office looks at what data was taken, if affected users need to be informed, if there was any evidence of data abuse, and whether users could respond.
Ireland's data protection regulation group said that it will seek more information from the security vulnerability, according to Reuters.
"The Data Protection Commission was not aware of this issue, but the nature, impact, and risk to individuals, and the need for information on these issues," the commission said.
Google may not have a lead supervisory authority for the breach of the European Union's General Data Protection Regulation (GDPR) privacy law went into effect in May, Reuters noted.
First published Oct. 8 at 10:12 am PT.
Update, Oct. 9 at 7:10 AM PT: Adds Irish data protection regulator 's statement and GDPR detail.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET's in-depth features in one place.
[ad_2]
Source link
