What we know about the Google+ security bug and the company's decision to keep it secret



[ad_1]

Only a week after the announcement of a data flaw in Facebook, at least 50 million accounts were vulnerable, the internet giant, Google, has announced a major security breach. He added that a software problem had revealed private information relating to about 5,000,000 users of his Google+ social network platform. This included user details, such as email addresses and names, as well as dates of birth and gender.

A report in the the Wall Street newspaper, citing internal documents from Google, said the security breach was discovered by the company in March, but she decided to keep the information confidential, fearing that the violation would lead to regulatory action and an attack on her reputation.

Here is a preview of what we know about the security flaw, why Google's breach of trust means more than security failure and why Google's parent company Alphabet has decided to close Google+.

What do we know?

the the Wall Street newspaper The report says that Google had exposed user data, and then chose not to disclose the case. On Monday, October 8, it was published. Shortly after the release of the report, the company gave way. The Internet giant said Google+ had security loopholes that were difficult to fix, which prompted it to shut down its social networking site.

The gap that led to the exposure of private data was found in the interface of the Google+ application program. APIs, as they are known, are a defined procedure that allows programmers to access public data from applications and websites. When an internal audit (called Project Strobe) was discovered, Google discovered the defect. It was intended to determine the amount of Google's public data that third-party applications or developers should have access to. In March, Google discovered that a Google+ defect was exposing a lot of information to developers. The information presented ranged from March 2015 to March 2018 and included user names, e-mail addresses, birth dates, gender, profile pictures, living locations, occupation and status of the relationship, according to the WSJ report.

Ben Smith, Google's vice president of engineering, said in a blog post that the company had found no "evidence" that the developers were aware of the bug and that no user data was available. was "misused"

Was there a breach of trust?

In his report, the the Wall Street newspaper quoted an internal document in which Google officials recognized the security breach internally but chose not to disclose it to the public. This decision attracted more attention than data exposure because it was perceived as an attack on user confidence. This is particularly because the new rules in effect in California's state of society require the disclosure of a security breach. The new amendments to state law, passed in June, a few months after the Cambridge Analytica data collection scandal on Facebook, made it mandatory to strengthen "transparency of data practices".

the WSJ The report suggests that Google has chosen not to publicly declare the vulnerability of the data, fearing a backlash in the form of additional regulatory control. The company also feared that Google CEO Sundar Pichai would be summoned to the US Congress to be questioned about the incident.

the WSJ According to the report, Google's internal rating acknowledged that disclosure of this information would result in "we would become the spotlight alongside or even in place of Facebook, even though we stayed under the radar all the way through. of the Cambridge Analytica scandal ". The memo added that the glitch "almost guarantees that Sundar will testify before the Congress".

Many have questioned Google's decision not to publicize the problem.

"You stand out from these things," said Joseph Moreno, a former federal prosecutor who now oversees cybersecurity affairs at the international law firm Cadwalader, Wickersham & Taft. Internal business reported. He added that the worst thing in this situation would have been that Google downplayed the offense or claimed that it did not happen.

The incident also attracted the attention of international regulators. On Tuesday, the Irish regulator for data protection announced its intention to ask Google to have more information on the security breach, the source said. Reuters. The Data Protection Commissioner in Hamburg, Germany, has also opened an investigation to get more information on the data security bug.

Does the violation have an impact on India?

According to a report of the company's analysis ComScoreIndia has the largest user base of Google+ after the United States.

"Google+ has a large user base in India, so it is almost certain that the bug exposes private information from Indian users," said Arun Mohan Sukumar, head of the Cybersecurity Governance Initiative. Internet of the Observer Research Foundation. "The breach is remarkable for its breadth, even though the information exposed by itself may not be useful."

Due to Google's privacy policy for accounts, Google could not disclose compromised accounts' personal data and informed any of its users of the data exposure.

"We are very concerned about the information on why Google chose not to report the incident to users," said Raman Jit Singh Chima, director of policy at Access Now, an international rights group. Nonprofit. "Avoiding regulatory scrutiny or any issue of decision makers is not a legitimate reason for Web businesses to deny users information about potential vulnerabilities and breaches of privacy."

Attempts by the Ministry of Electronics and Information Technologies to address this problem were unsuccessful. On Wednesday, there was no mention of any investigation being conducted by the Indian authorities on this matter. Earlier incidents, such as the Cambridge Analytica case, have led to investigations that are still ongoing.

Why Alphabet decided to close Google+?

Google + was launched about seven years ago. This had a good start, with nearly 111 million active users, but could not keep this interest too long, losing sight of other social media apps like Facebook and Twitter. A study by a Google+ user found that only 9 percent of the Google+ platform's two billion profiles had publicly published content, as reported on Dailydot, a digital media company.

"It has not been adopted by many users or developers, and interactions between users and applications have been limited," said Ben Smith, of Google, in his blog.

[ad_2]
Source link