Skip to main content

Google’s big data leak: Google+ shuts down as nearly half a million accounts compromised

Google data leak: Google+ is shutting down after 500k accounts were compromised, and the company is introducing more controls over Gmail, and how third-party app collect user data on Android

Google has confirmed that it is shutting down Google +, a social network that was launched to rival Facebook, but failed to make an impact. However, the big news is not that Google+ is finally shutting down, which seemed inevitable, but that Google hid the data leak that has compromised nearly 500,000 accounts.
According to a Wall Street Journalreport, Google found the software bug in its API in March 2018, though it had existed since 2015. The company also decided against reporting the incident because it “trigger immediate regulatory interest”, adds the report. WSJ quoted from an internal memo that was reviewed by Google’s legal and policy team and took the decision not to report the problem. CEO Sundar Pichai was kept in the loop on this decision.

The report says Google was worried that making this issue public would lead to comparisons with Facebook and the Cambridge Analytica scandal.
Google finally put out a blog post highlighting the issue, but its move is likely to invite more criticism and scrutiny, especially since the company has admitted it does not even know which accounts were impacted.
An internal security team – called Project Strobe – at Google discovered the issue with Google+ and other privacy problems on products like Gmail and Android.  Project Strobe carried out what Google calls a “root-and-branch review of third-party developer access to Google account and Android device data.”
It also looked at areas where developers may have been granted overly broad access, which has been a problem on Android for quite sometime.  So what has happened in Google’s data leak? Here’s everything we know so far.
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google newsGoogle found the issue with G+ back in March 2018. (Image source: Bloomberg)

Google+ data leak: What happened?

The big takeaway for now is that Google+ is shutting down, but only the consumer version. An enterprise version will continue to exist.  A review of APIs associated with Google+ revealed serious security flaws, and one bug in particular granted app developers access to user profile fields, which were not marked as public.
Essentially data which was supposed to be limited to friends and circles, could also be accessed by some app developers.  In their Google+ profile, users can grant access to their Profile data and information from the public profiles of their friends to Google+ apps. The software bug was found in one of the Google+ People APIs.
While Google insists that 90 per cent of Google+ user sessions are less than five seconds, the problem is that everyone with a Gmail or Google account automatically has a G+ account. Many users might not even remember they have a G+ account.
Google claims this data is just Profile fields like name, email address, occupation, gender and age.  It insists that other data that users posted to Google+, or any other service, has not been leaked. The company has said that Google+ posts, messages, Google account data, phone numbers or G Suite content had remained safe.
The company admits they found the bug in March 2018, but says they found no misuse of the data by app developers.
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google newsGoogle did not report the data leak fearing scrutiny similar to Facebook and the Cambridge Analytica scandal. (Image source: Reuters)

Google data leak: How many users are impacted?

Google admits that with this particular API, they only kept the log data for two weeks, which means they cannot confirm the user accounts impacted by this bug.  Estimates from the company claim up to 500,000 Google+ accounts were potentially affected.
Close to 438 applications may have used this API.  Google also insists there is no “evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” according to the blog.
The company insists that its “Privacy & Data Protection Office” has also reviewed the problem and found no evidence of misuse. Once again since Google is not even sure which accounts were impacted, users might not be even know if their account was compromised.
Google has not even named the apps using this data to give users a clearer view of the whole situation.

So why is Google+ shutting down?

Google claims that their review highlighted there are major challenges in maintaining their ‘social network’, and that because of the low usage, they have decided to end the consumer version of site.
Google+ will start winding it down over 10-month period, which will be completed by August 2019. Consumers will be given more information on how they can download and migrate their data. Google+ also has an enterprise version, and the company claims it is better.
“We’ve decided to focus on our enterprise efforts and will be launching new features purpose-built for businesses,” notes the blog post.
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google newsWhat app permissions look like right now on Google accounts.

Google data leak: What about data shared with apps?

It looks like Google is tackling the issue and will launch more “granular” account permissions that will show in individual dialog boxes. So when you give an app access to your Google Account data in the future, there will be more control over what data you can choose to share.
In the current settings when you give an app permission to access your Google account, all requested permissions are shown in a single screen and granted.
In the future, third-party “apps will have to show you each requested permission, one at a time, within its own dialog box,” notes the blog.
The user will have control over which ones they do not wish to share. So if an app wants access to your calendar and Drive documents, you can decide not to share one. Each permission will have to separately approved by the user.
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google newsWhat data permissions will look like in the future.

Google data leak: What about Gmail and third-party app access?

In July this year it was reported that Google may have let third-party app developers read private messages in Gmail. The Wall Street Journal had said that third-party app developers were allowed to go through Gmail messages under the guise of offering users better products and services.
Some of these app companies relied on machines to sift through the messages, while others had employees going through emails of users. The issue despite Google’s promise in 2017 that it would stop reading user messages, and was seen as a major privacy breach.
Now, Google has come out to say it will limit the type of use cases permitted for apps when they are granted access to Gmail by a user. The “User Data Policy” for the consumer Gmail API will be updated and it will limit the apps that seek permission to access consumer Gmail data.  All the app developers and their companies will have to agree to the new rules on handling Gmail data.
“Apps that can improve email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorised to access this data,” notes the blog post.
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google newsGoogle is also strengthening security on Gmail and data access on Android (Image source: Reuters)

Google data leak: Limiting apps from Call Log, SMS on Android

Google is finally addressing the issue of apps on Android accessing Call Log and SMS data. Google’s findings showed that even when users grant these kinds of permissions they have certain uses in mind for each app.
One of the problems on Android has been that every single app wants access to SMS, call logs and contacts, even when some of them do not require it for their basic functioning. On iOS for instance, Apple has a much stricter approach, and not all apps cannot demand access to Call Log data with such ease.
The company is finally limiting apps from getting Call Log and SMS permissions on Android devices.  It will also deny “contact interaction data”, which was earlier available via the Android Contacts API. Google Play will start limiting which apps are allowed to get these permissions in the future.
What is not clear is how soon this will be implemented.
“Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests,” notes the blog, though apps like voicemail and backup apps, will be exceptions to this rule.
Earlier Android Contacts API could also get permission for interaction data, like most recent contacts on a messaging app. Going forward this information will be removed in the API.
Again the blog mentions this will take place within the next few months, and no specific timeline has been set. Google is promising “additional controls and updated policies across more APIs.”
Google data breach, Google data hacked, Google Plus data hacked, google data breach, google data breach 2018, google data breach case, google data breach policy, data breach google, google+, google data leak, google data leak 2018, google data exposed, google user data breach, google data leak news, google news

Google Plus issue: What can I do to secure my account?

Google is not sure which accounts were compromised in this Google+ fiasco. However, users can go to their Google account settings, and open their Google Plus profile and delete the G+ account information. In the Google Plus profile, you will see the Settings option on the right Left hand side, just below the notifications tab.
Open the settings for Google+ and keep scrolling down. At the bottom you will see an option to delete your Google+ Profile. Click on that, and Google will ask you sign into your account once again on a separate page. You will then get an option to delete the Google+ account.
Google’s page notes, “Some data will be kept, and some data will be deleted or converted. You may lose access to some services and functionality.” For those who do not remember, Google had linked G+ to YouTube accounts, so keep in mind this will have some impact there.
The page notes, “Your YouTube channel will be kept, along with your videos and playlists. You will continue to have access to YouTube. Some YouTube-related content will be kept, while other content will be deleted.
Google’s page notes, “For content created after November, 2015, the content created on YouTube will be kept, while content created on Google+ will be deleted.”
The details further add,
Any post you created on Google+ about one of your own videos will be deleted from Google+. If it is also visible on YouTube, it will continue to appear on YouTube.
Any comment you created on YouTube in response to a video, which is also visible on Google+ as a Google+ post, will still exist on YouTube but will be deleted from Google+.
Any comment you created on Google+ that is now only visible on YouTube, in relation to a post someone else made about a YouTube video, will still exist on YouTube.
Any +1 that you added on Google+ that is now only visible on YouTube as a like, in relation to a post someone else made about a YouTube video, will still exist on YouTube.
Any other posts, replies, comments or +1s relating to a YouTube video that you created originally on either Google+ or YouTube but which only now appear on Google+ will be deleted. 
Note that deleting your public profile will not affect the status of your Google Account. Your Gmail, Google Docs, Google Drive will remain untouched.

Source:- The indian Express

Comments

Popular posts from this blog

Instagram now tells everyone when you’re active, here’s how to hide it

Another day, another feature nobody asked for. Facebook subsidiary Instagram has now enabled activity status in direct messages: this means that practically all of your friends will now be able to see w hen the last time you were actively using the app was. The feature rolled out as part of the latest updates for  Android  and  iOS  – so at least you know everyone is getting the same deal. In case you were wondering how this looks, Instagram now displays a line indicating the last time a user was active on its platform directly underneath their username. The activity status is currently only visible in direct messages. While some might find this change slightly annoying at first, it is not all that surprizing to see it in the main app. Indeed, Facebook integrated the same feature in its Messenger app ages ago. The good thing about the new addition is that Instagram has given users the option to opt-out from having their activity status visible to everyone. Here’s how...

Asus Zenfone Live L1 Android Go smartphone with 18:9 display launched

Asus ZenFone Live L1 comes with Snapdragon 425 SoC and Android Oreo (Go edition) OS. The Asus Zenfone Live L1 was announced in May this year. It s an entry-level smartphone, which is also the company s first to feature an  Android Go  operating system While the smartphone was launched in Indonesia in May, the company is also making it available in Philippines now, citing at a possible expansion to other markets. This means that there is a good chance that Asus Zenfone Live L1 could come to India as well. The  Asus  Zenfone Live L1 has been priced at PHP 5,995 (Rs 7,600) in the Philippines. It s higher than the Indonesian pricing, which was DR 1,399,000 (Rs 6,750). With possibilities of an Indian launch, we can expect the phone to be priced under Rs 8,000. The phone comes with basic specifications and is available in Space Blue, Rose Pink, Shimmer Gold, and Midnight Black. Also Read No Make in India: Reliance plans to import JioPhone 2 devices a...

Google Brings Responsive Search Ads With Machine Learning Integration

VcTech Last month, Google  announced  sweeping changes to the company’s portfolio of advertisement products by streamlining its offerings such as AdWords, and making it easier for businesses and advertisers to choose the most suitable option for their campaigns. At the Google Marketing Live event today, Google has unveiled new ad marketing tools that come with machine learning smarts, and has announced the integration of ML tools in existing products. Among the key announcements made by Google at the event were improved optimization for responsive search ads, ways to boost impressions and footfalls, and tools to deliver impactful ads on YouTube to name just a few. Responsive Search Ads Responsive search ads combine the relevant ad data and creative input provided by advertisers with machine learning algorithms to maximize the impact of ads. For example, advertisers need to provide headlines and description lines, and the Adwords tool backed by machin...