Google+ to shut after huge security breach
Personal details of half a millions users could have been affected by breach company failed to report
Google covered up a gaping security hole that exposed the personal data of half a million internet users, it emerged last night. Hundreds of apps were allowed to access sensitive data – including people’s jobs, ages and location information – through Google+, its social networking site. Google discovered the vulnerability in March but failed to reveal it, fearing that announcing the bug would draw unwanted scrutiny from politicians and regulators.
GOOGLE covered up a gaping security hole that exposed the personal data of half a million internet users, it emerged last night.
Up to 500,000 people may have been affected by the flaw, which let hundreds of applications access sensitive data including people’s jobs, ages and location information.
There is no suggestion that any credit card or bank information was exposed, but revealing private information about individuals can leave people vulnerable to fraud. Google discovered the vulnerability in March but failed to reveal it until last night after reports emerged that it feared announcing the bug would draw scrutiny from politicians and regulators.
An email shared among senior Google executives and lawyers said that revealing the issue would lead to “immediate regulatory interest” and mean its chief executive, Sundar Pichai, being forced to give evidence in Washington.
Last night, the company announced that it was shutting down its social network, Google+, which was the source of the flaw. Users’ details were exposed due to an error in a feature that let people link their Google+ profile with other applications.
It allowed details to be accessed by the apps even when users had demanded their data be kept private.
Google said up to 438 external apps, could have exploited the flaw. Only people who entered information such as their name and birthday on their Google+ profile, and added friends on the social network will have been affected. The bug is related to how apps collected data from the friends of people with Google+ profiles.
The vulnerability was similar to the way in which the British data firm Cambridge Analytica accessed the information of millions of Facebook users.
Revelations about the scandal threw Facebook into crisis and Google feared that going public about its own flaw would invite comparisons to Facebook.
A Google memo seen by The Wall Street Journal said that revealing the flaw would mean it “coming into the spotlight alongside or even instead of Facebook, despite having stayed under the radar throughout the Cambridge Analytica scandal”.
Google said it had not revealed the problem because it had no evidence that any application developer had discovered the vulnerability, or that it had been misused. However, it said it had decided to shut Google+.
The social network has been widely perceived as a failure. Millions of Britons are believed to have Google+ accounts, since profiles are automatically created when users set up a Gmail email account.
Despite being rarely used, profiles often have a significant amount of personal
‘Immediate regulatory interest … despite having stayed under the radar on Cambridge Analytica’
data about people because the service is linked to other Google services such as email. Google said that people’s email addresses may have been exposed by the flaw but that the contents of emails had not been.
The company said last night it could not identify which individuals had been exposed since it automatically deleted data about which apps access users’ profiles every two weeks. As a result, it will be unable to alert users that may have been affected.
The Information Commissioner’s Office and GCHQ were approached for comment last night.
Facebook will pay just £7.4million in tax in the UK this year on an income of £1.2billion. The social media giant’s tax bill has tripled to £15.8million, but it will get a tax relief of £8.4million after awarding shares to employees. The company’s profits only climbed by £4million year-on-year from £58.4million to £62.7m in 2017.