Google Plus API BUG Exposing 52.5 Million Users

Google Plus Shutting Down
Google Plus Shutting Down

Google Plus API BUG exposing 52.5 Million users and give permission to view profile information.

Google has decided to expedite the shut-down of all Google+ APIs, this will occur within the next 90 days, with the discovery of this new bug.

Google Plus is an Internet-based social network that is owned and operated by Google. It’s total 111 Million active users and launched in June 28, 2011.

We have reported earlier, Google announced that it was shutting down Google+ for consumers, citing low user engagement and a software error.

Previously breach including, Name, age, gender, occupation and Email Id’s were compromised in the security breach. From that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Now its officially confirmed that the API bug impacted approximately 52.5 million users.

Now new Bug is allowing cyber attackers to view Google plus users profile even if it is set to private.

However, Google said that there is no passwords, financial data, national identification numbers or any other sensitive data were left exposed by this Google plus API bug.

According to Google blog, the details about the bug and investigation are as follow-

“Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue.

Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:

  1. We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
    With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age were granted permission to view profile information about that user even when set to not-public.
  2. In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
  3. The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
  4. No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.

We have begun the process of notifying consumer users and enterprise customers that were impacted by this bug. Our investigation is ongoing as to any potential impact to other Google+ APIs.”

“We will sunset all Google+ APIs in the next 90 days. Developers can expect to hear more from us on this topic in the coming days”

Google plus is going to complete shut down in August 2019.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Facebook’s 50 Million Users Were Affected By Security Breach

50 million Facebook users data breached and additional 40 million users potentially...
Read More

Leave a Reply