Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Software News (https://www.overclock.net/forum/226-software-news/)
-   -   [Ars] [Updated] Google+ shutting down after data leak affecting 500,000 users (https://www.overclock.net/forum/226-software-news/1710300-ars-updated-google-shutting-down-after-data-leak-affecting-500-000-users.html)

tpi2007 10-09-2018 06:20 PM

[Ars] [Updated] Google+ shutting down after data leak affecting 500,000 users
 
Quote:

Google exposed the private details of almost 500,000 Google+ users and then opted not to report the lapse, in part out of concern disclosure would trigger regulatory scrutiny and reputational damage, The Wall Street Journal reported Monday, citing people briefed on the matter and documents that discussed it. Shortly after the article was published, Google said it would close the Google+ social networking service to consumers.

The exposure was the result of a flaw in programming interfaces Google made available to developers of applications that interacted with users’ Google+ profiles, Google officials said in a post published after the WSJ report. From 2015 to March 2018, the APIs made it possible for developers to view profile information not marked as public, including full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status. Data exposed didn’t include Google+ posts, messages, Google account data, phone numbers, or G Suite content. Some of the users affected included paying G Suite users.
Quote:

The Google post said analysts found no evidence the API bugs were actively exploited by developers. But the post also said that, to ensure privacy, the company destroys most Google+ logs after two weeks. According to the WSJ, an internal memo acknowledged there was no way to know. People who have used Google+ during the time the bugs were active should assume any exposed data is publicly available.
(Bold and underlined for emphasis)

Source.



Update:

[Ars] Senators to Google: Why didn’t you disclose Google+ vulnerability sooner?

Quote:

Three United States senators have demanded that Google provide answers about its recent disclosure of a security breach in its Google+ social network that led to its closure. Google only came forward after the Wall Street Journal broke the story on October 8.

So far, one federal proposed class-action lawsuit has been filed in the wake of the episode.

(...)

Quote:

Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it.

Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered?

Are there similar incidents which have not been publicly disclosed?



Please provide a copy of Google's internal memo cited in the WSJ article.


Given their active stance on Project Zero, exposing other companies' bugs, it will be interesting to see how Google responds (they have to until Oct 30).

Stealth Pyros 10-09-2018 09:21 PM

I wonder if this is why, out of nowhere, I went from having absolutely 0 junk e-mails in my GMail to 500+ at a time.

termathor 10-10-2018 02:46 AM

Quote:

Originally Posted by Stealth Pyros (Post 27660222)
I wonder if this is why, out of nowhere, I went from having absolutely 0 junk e-mails in my GMail to 500+ at a time.

Most likely, yes, mate. Someone got the data and made something of it ...

xJumper 10-10-2018 08:24 AM

Can't say I'm surprised. For all their game changing services and the pedestal people put them on, Google has quite an extensive sea of failed projects even in recent history; to which they can now add to with this. If they scuttled it over the data breach than that is indeed pretty dirty tricks at play.

adamkatt 10-10-2018 08:36 AM

Do people even use Google+?

Assirra 10-10-2018 01:15 PM

Quote:

Originally Posted by adamkatt (Post 27660902)
Do people even use Google+?

I dont' think they use it but pretty sure it was/is a requirement to post a comment on youtube.

ku4eto 10-10-2018 01:27 PM

Quote:

Originally Posted by Assirra (Post 27661382)
I dont' think they use it but pretty sure it was/is a requirement to post a comment on youtube.

Nope. As long as you have Google account, or had Youtube account, you can post.

Thingamajig 10-10-2018 03:11 PM

The bigger the company, the harder they fall......(and, consequently, less you can trust them)

Google crossed that threshold for me 10 years ago. Been boycotting all their services since.

doritos93 10-10-2018 04:30 PM

I like that someone somewhere had to declare that fixing this vulnerability would be more costly than what Google+ can generate in revenue lol

Assirra 10-10-2018 05:13 PM

Quote:

Originally Posted by ku4eto (Post 27661412)
Nope. As long as you have Google account, or had Youtube account, you can post.

Ah just looked it up, seems this was removed in 2015.


All times are GMT -7. The time now is 06:24 PM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.