2018 Google data breach
Predecessor | Google Buzz |
---|---|
Successor | Google Currents |
Formation | 28 June 2011 |
Founder | Vic Gundotra |
Dissolved | 2 April 2019 |
Services | Social Media Network |
The 2018 Google data breach was a major data privacy scandal in which the Google+ API exposed the private data of over five million users.[1]
Google+ managers first noticed harvesting of personal data in March 2018,[2] during a review following the Facebook–Cambridge Analytica data scandal.
The bug, though fixed immediately, exposed the private data of approximately 500,000 Google+ users to the public.[3]
Google did not disclose the leak to users of the network.[4]
During November 2018, another data breach occurred following an update to the Google+ API. Although Google found no evidence of misuse, approximately 52.5 million non-public profiles were potentially exposed.[5]
In August 2019, Google announced the shutdown of Google+ due to low use and technological challenges.[6][7][8]
Overview of Google+
Google+ was launched in June 2011 as an invite-only social network,[9] but was opened for public access later in the year.
Google+ was managed by Vic Gundotra.[10]
Similar to Facebook, Google+ included the key features Circles, Hangouts and Sparks.
- Circles let users personalise their social groups by sorting friends into different categories. Once allowed into a Circle, users could regulate information in their individual spaces.[11]
- Hangouts included video chatting and instant messaging between users.[12]
- Sparks allowed Google to track users' past searches to find news and content related to their interests.[13]
Google+ was linked to other Google services, such as YouTube, Google Drive and Gmail, giving it access to roughly 2 billion user accounts.[14]
However, fewer than 400 million consumers actively used Google+, with 90% of these users using it for less than five seconds.[15]
The breaches
In January 2018, a formal assessment of third-party developer and app access to Google accounts, named Project Strobe, was created.[16]
Through this project, privacy platforms were examined and tightened because consumers were concerned about data privacy. Project Strobe reviewed consumers' profiles to identify which parts of a profile third-party developers were able to access. Many third-party apps used Google+ as a service to improve communication, working life and online experience. In March, the analysis of application programming interfaces (APIs) revealed a data breach within the Google+ People API, in which external apps acquired access to profile fields that were not marked as public.[3]
Google found no evidence that any user's personal information had been misused. A detailed analysis identified that 500,000 Google+ accounts were included in this data breach, which could have given 438 external apps unauthorised access to private users' names, emails, addresses, occupations, gender and age.[3] This information was accessible to third-party apps between 2015 and 2018.[17] Google is not able to confirm which particular users' profile data was accessible or impacted. There was no evidence that any third-party app developers were aware of this profile leakage or abused it.
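The class of flaw described above, as an added example that is not Google's code: a simplified model in which an API hands an app profile fields that are not marked public, beside a version that checks the field's marking and the app's per-field grant. The field names, the Visibility levels and all three functions are assumptions made for illustration.

```python
# Added illustration: every name below is hypothetical; this does not
# reproduce Google's code or the real Google+ People API.
from dataclasses import dataclass
from enum import Enum


class Visibility(Enum):
    PUBLIC = "public"
    SHARED = "shared"    # visible to selected users only
    PRIVATE = "private"


@dataclass(frozen=True)
class Field:
    value: str
    visibility: Visibility


# Constructed sample profile (not real data).
PROFILE = {
    "name": Field("Alex Example", Visibility.PUBLIC),
    "email": Field("alex@example.test", Visibility.SHARED),
    "occupation": Field("Engineer", Visibility.SHARED),
    "age": Field("34", Visibility.PRIVATE),
}


def fields_for_app_flawed(profile, viewer_can_see):
    """Flawed: returns every field the authorising user can view,
    never consulting the field's own public marking."""
    return {k: f.value for k, f in profile.items() if k in viewer_can_see}


def fields_for_app_checked(profile, granted_fields):
    """Checked: a field leaves the API only if it is marked public
    and the app was granted that specific field."""
    return {
        k: f.value
        for k, f in profile.items()
        if f.visibility is Visibility.PUBLIC and k in granted_fields
    }


def audit_exposure(profile, returned):
    """Name the returned fields that are not marked public."""
    return sorted(k for k in returned if profile[k].visibility is not Visibility.PUBLIC)
```

Running `audit_exposure` over recorded API responses is one way to estimate, after the fact, which non-public fields an app could have received.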
In November 2018, a software update created another data breach within the Google+ API.
The bug impacted 52.5 million users;[18] as in the earlier data breach, apps were able to access Google+ profile data without consent, including name, email address, occupation and age. Apps were not able to access financial information, national identification numbers or passwords. Google+ blog posts, messages and phone numbers also remained inaccessible if set as private. Unlike in the earlier data breach, access was available for six days before Google+ became aware of the data leakage and rectified the problem. Google+ found no evidence of misuse of data by third-party developers, and an announcement of the leakage was made to Google+ consumers.
News coverage
In October 2018, the Wall Street Journal published an article outlining the initial breach and Google's decision not to disclose it to users.[19]
The article advised the public that the data breach had occurred between 2015 and 2018 through a leak in the API software that allowed third-party apps to access private information. There is no federal law that requires Google to inform its consumers of data breaches. Google+ originally did not disclose the breach for fear of comparison to Facebook's data leakage and of a loss of consumer confidence.[4]
In response to the article, Google announced that all consumer functionality would be permanently shut down in August 2019. After the second data leakage this date was brought forward to April 2019.
On 8 October 2018, a Google Blog post written by Ben Smith, the Vice President of Engineering within Google, described the first data leakage and the shutdown of Google+.[16]
Following the second data breach, Google Blog posted an article written by the Vice President of Product Management, David Thacker, on December 10, 2018.[20]
This article indicated that the Google+ APIs would be shut down within the next 90 days and that the closing of Google+ would be accelerated. Both articles provide a detailed explanation of each data breach and its ramifications for Google+, and sought to reassure consumers about the privacy of consumer data and their reliance on Google.
Responses
In response to the data breach, enterprise consumers were notified of the impact of the bug and given instructions on how to save, download and delete their data prior to the Google+ shutdown.
Google's Privacy and Data Protection Office found no misuse of user data.
Immediate ramifications
Prior to the Google+ shutdown, Google set a 10-month period where users could download and migrate their data. After the 10-month period, user content was deleted.
On 4 February 2019, consumers were no longer able to create new Google+ profiles.[21]
Google shut down the Google+ APIs on 7 March 2019 to ensure that developers did not remain reliant on these APIs prior to the Google+ shutdown.[7][17]
Share price impact
Google is the principal entity owned by its parent company, Alphabet Inc.
After the data breach, Alphabet Inc. share prices fell by 1% to $1,157.06 on 9 October 2018, after an earlier drop to $1,135.40 that morning, the lowest price since 5 July 2018.[22]
After the publication of The Wall Street Journal article, share prices had dropped by as much as 2.1% in two days by 10 October 2018. Share prices steadily increased from this point and returned to the 8 October 2018 share price on 5 February 2019.[23]
Rebuilding Google+
Google planned to rebuild Google+ as a corporate enterprise network.[24]
Google Play will now assess which apps can ask for permission to access the user's SMS data. Only the default app for telephone distribution is able to make requests.
Prior to the data breaches, apps were able to request access to all of a consumer's data simultaneously. Now, each app must request permission for each aspect of a consumer's profile.
References
- ^ Snider, Mike (1 February 2019). "Google sets April 2 closing date for Google+, download your photos and content before then". USA TODAY. Retrieved 12 May 2019.
- ^ Newman, Lily Hay (12 October 2018). "A New Google+ Blunder Exposed Data From 52.5 Million Users". Wired. ISSN 1059-1028. Retrieved 12 May 2019.
- ^ a b c "Flaw leads to Google+ shutting down". Network Security. 2018 (10): 3. 2018. doi:10.1016/S1353-4858(18)30095-3.
- ^ a b MacMillan, Douglas; McMillan, Robert (8 October 2018). "Google Exposed User Data, Feared Repercussions of Disclosing to Public". Wall Street Journal. ISSN 0099-9660. Retrieved 12 May 2019.
- ^ Romm, Tony; Timberg, Craig (10 December 2018). "New Google+ security bug could affect more than 52 million users". The Washington Post.
- ^ Thacker, David (10 December 2018). "Expediting changes to Google+". Google. Retrieved 12 May 2019.
- ^ a b "Google+ API Shutdown | Google+ Platform". Google Developers. Retrieved 14 May 2019.
- ^ "Google's social network is closing". New Scientist. 240 (3199): 4. 2018. doi:10.1016/S0262-4079(18)31819-0.
- ^ Fox, Chris (2 April 2019). "Google shuts failed social network Google+". BBC News.
- ^ Dieter, Daniel (11 November 2018). "Google+ Case Study: Create a Social Network or Risk Everything". Performance Improvement. 57 (10): 26–36. doi:10.1002/pfi.21826.
- ^ Ovadia, Steven (5 December 2011). "An Early Introduction to the Google+ Social Networking Project". Behavioral & Social Sciences Librarian. 30 (4): 259–263. doi:10.1080/01639269.2011.622258. S2CID 62551198.
- ^ Golbeck, Jennifer (2015). "Google+". Introduction to Social Media Investigation. pp. 137–149. doi:10.1016/B978-0-12-801656-5.00013-5. ISBN 9780128016565.
- ^ Perez, Sarah (November 2018). "Looking back at Google+". TechCrunch. Retrieved 12 May 2019.
- ^ "Google+ social media service to shut down after private data of at least 500,000 users exposed". ABC News. 9 October 2018.
- ^ Ganjoo, Shweta. "Former Google+ designer explains why Google's social media play failed: it was mostly office politics". India Today. Retrieved 12 May 2019.
- ^ a b Smith, Ben (8 October 2018). "Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+". Google Blog. Retrieved 12 May 2019.
- ^ a b Burton, Winston (25 October 2018). "Google Plus: Past, Present & Future". Search Engine Journal.
- ^ "Expediting changes to Google+". Google. 10 December 2018. Retrieved 12 May 2019.
- ^ MacMillan, Douglas; McMillan, Robert (8 October 2018). "Google Exposed User Data, Feared Repercussions of Disclosing to Public". Wall Street Journal. ISSN 0099-9660. Retrieved 5 December 2021.
- ^ "Frequently asked questions about the Google+ shutdown - Google+ Help". support.google.com. Retrieved 12 May 2019.
- ^ Nelson, Alex (7 February 2019). "Google+ shutdown: how to back up photos and data before your account closes". inews.co.uk. Retrieved 12 May 2019.
- ^ De Vynck, Gerrit; Nix, Naomi (9 October 2018). "Google Discloses Privacy Security Flaw Kept Quiet Since March". Bloomberg.
- ^ Aitken, Roger. "Alphabet 'In The Soup' Over Costs, But Analysts' Average Google Price Target $1,346". Forbes.
- ^ "Currents: Have Meaningful Discussions at Work | G Suite". gsuite.google.com. Retrieved 12 May 2019.