For all Google+ users, here coms some bad news. Google has announced to sunset Google Plus as a consequence of its review activity Project Strobe. This Google+ shut down comes in as a consequence of a vulnerability that exposed users’ data. Moreover, Google also attributes this sunset to low user engagements.
Data Leak Due To API Vulnerability Causes Google+ Shut Down
As stated in their blog post, Google plans on sunsetting its social networking platform Google Plus (also Google+). Part of the reason behind this decision is due to a vulnerability that leaked private profile data of hundreds of thousands of customers.
As stated by Ben Smith, Vice President of Engineering at Google announced a bug in Google Plus API exposed private data of around 500,000 user profiles. Although they already patched the bug in March 2018, they still plan for Google+ shut down due to low user engagements and difficulties in maintaining the platform to customers’ expectations.
The decision comes as one of the first four findings of Google’s review/audit process – Project Strobe. Explaining the aim of this project, Smith stated,
“At the beginning of this year, we started an effort called Project Strobe… This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.”
As for the bug in Google+ API, they state,
“Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs.”
This vulnerability resulted in exposure of profile information of users to Google Plus apps. The exposed information did not include any profile posts, messages, phone numbers, or other account data. However, it did leak all public information from the profile fields. This includes usernames, email addresses, gender, age, and occupation.
Complete Sunset Until August 2019 – New Plans For Enterprise Customers
Ben Smith confirmed in the blog post that they already patched the API vulnerability in March 2018 immediately after discovery. Google also confirmed they did not find any evidence of possible exploitations of this bug.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
Google practices state that they keep API data log for two weeks only. Thus they cannot confirm the exact users affected by the bug. However, they do mention about 500,000 customers could have exposed their profile data inadvertently to around 438 apps. For this reason, in addition to the decreased user engagements, Google has decided to shut down Google Plus.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.”
Nonetheless, they noticed that Google+ proved better for enterprise use promoting internal secure discussions among coworkers. Thus, they have planned to launch something “purpose-built” for corporate users.
For now, Google has scheduled the overall shut down of the service in the next 10 months – that is – by August 2019. Until then, users can get assistance from Google regarding the download and migration of their data.
What do you think about this Google+ shut down? Were you an avid user of Google Plus? Do share with us your thoughts in the comment section below.
Latest posts by Abeerah Hashim (see all)
- Logitech Options App Vulnerability Could Allow Keystroke Injection Attacks - December 16, 2018
- Researcher Found Samsung User Accounts Vulnerable To CSRF Attacks - December 16, 2018
- Seven WordPress Vulnerabilities Fixed In Version 5.0.1 - December 16, 2018