Google Accelerates Google+ Shutdown After New Bug Discovered

The consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.

The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said Monday.

Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in October, left the company embroiled in a privacy scandal. However, the discovery of this newer bug – which impacts a whopping 52.5 million users – has now led the tech company to move up the timetable for discontinuing its platform.

“With the discovery of this new bug, we have decided to expedite the shutdown of all Google+ APIs; this will occur within the next 90 days,” said David Thacker, vice president of product management for Google’s G-Suite, in a post. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”

The most recent bug was addressed by Google in a November software update. It allowed apps requesting permission to view users’ Google+ profile information – including their name, email address, occupation, age and more – to gain full permissions, even when the user was not public.

The bug also enabled apps that had access to a user’s Google+ profile data to also access non-public profile data shared between two Google+ users.

“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced,” Thacker said. “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

Google first found itself in hot water after a software bug in an API for the social site was discovered by Google’s own internal security team this spring. That bug allowed outside developers to access private Google+ profile data. The bug was in play between 2015 and March 2018, when Google found and fixed the issue.

Google faced backlash when the security incident came to light in October, because it did not make the issue public when first discovered. In fact, the tech giant said nothing about the bug until news broke in the Wall Street Journal outing the vulnerability.

In response, Google said at the time that it would be shuttering Google+ for consumers over the next 10 months.

“We want to give users ample opportunity to transition off of consumer Google+, and over the coming months, we will continue to provide users with additional information, including ways they can safely and securely download and migrate their data,” Thacker said.

Suggested articles

Discussion

  • Steve on

    I'm curious if Google Apps For Education (GAFE) users are included in the data breach.. My understanding is that by default, all GAFE users have access to Google+ unless the domain is setup otherwise.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.