Northwest Arkansas Democrat-Gazette
Google’s Plus beset by flaws, will close
MOUNTAIN VIEW, Calif. — Google is still having trouble protecting the personal information on its Plus service, prodding the company to accelerate its plans to shut down the little-used social network created to compete against Facebook.
A privacy flaw that inadvertently exposed the names, email addresses, ages and other personal information of 52.5 million Google Plus users last month persuaded Google to close the service in April instead of August, as previously announced. Google revealed the new closure date and its latest privacy lapse in a Monday blog post.
It’s the second time in two months that Google has disclosed the existence of a problem that enabled unauthorized access to Plus profiles. In October, the company acknowledged finding a privacy flaw affecting 500,000 Plus users that it waited more than six months to disclose.
For six days in November, an update to the underlying code of Google Plus meant that apps seeking to access users’ profile information — including their names,
email addresses, occupations and ages — could view that data even if it was “set to notpublic,” Google said in a blog post. Apps could have accessed some non-public profile data that had been shared with a user as well.
Google said that its systems had not been compromised and that there’s “no evidence that app developers” were aware of the bug or “misused it in any way.” But the revelation threatens to sharpen the scrutiny of the company’s chief executive, Sundar Pichai, when he testifies to Congress today.
The security mishap is the latest stumble for Google’s problematic social media offering. In October, Google admitted it had failed for six months to reveal information about a bug that put at risk the data of hundreds of thousands
of users.
Among those looped into those discussions about delaying public notification was Pichai, a person familiar with the matter said at the time. Google said it delayed the release of the information because it was initially uncertain about which users were affected or whether the data had been misused.
In response to its latest findings, Google said Monday that it would shutter its social network in April 2019, five months sooner than it initially announced. The company also said it would inform affected users, including “any enterprise customers.”
“We understand that our ability to build reliable products that protect your data drives user trust,” wrote David Thacker, a vice president for product management at Google. “We will never stop our work to build privacy protections that work for everyone.”
Google discovered its earlier Google Plus security bug in March, the same month that Silicon Valley rival Facebook was facing scrutiny over its role in allowing people affiliated with political consultancy Cambridge Analytica to collect data on 87 million users. That incident prompted demands that Facebook chief executive Mark Zuckerberg testify on Capitol Hill, as he soon did.
The Federal Trade Commission has investigated privacy incidents at Google and other leading technology companies on several occasions. Google signed a consent decree with the FTC in 2011 to settle allegations that an earlier social media platform, Google Buzz, mishandled user data.