500,000 Google+ user privacy data was leaked, Google announced a permanent shutdown

According to a report by the Wall Street Journal on Monday, Google leaked nearly 500,000 Google+ users’ privacy data due to API design flaws but chose not to report the mistake, in part because of concerns about regulatory review and reputational damage.

Shortly after the Wall Street Journal article published, Google in its technology blog posted an article, about the progress of the Project Strobe this work, and referred to in order to protect the user’s data, Google is currently being continually improve third-party API, and said The Google+ social networking service would be permanently closed for consumers .

According to the Wall Street Journal, Google CEO Sundar Pichai had previously known that user data was leaked, but still decided not to disclose it publicly. Google analysts believe that the impact of API errors before they are fixed has not been confirmed, and exposure of 496,951 users’ data is not appropriate.

Google revealed in a blog that a project called Project Strobe was launched early this year to investigate whether developers using their APIs might gain excessive permissions and violate user privacy.

Google has covered a total of four survey results in the article. One of them was to investigate all the APIs related to Google+, and found that there is a bug in Google+’s API (Google+ People API) that allows apps to access profile fields that users share but are not marked as public, including names. Email, date of birth, occupation, gender, age, but does not include other more private data such as phone calls, Google+ posts, and posts. Google said it had fixed this error in March 2018 and is estimated to affect up to 500,000 people. However, during the period from 2015 to March 2018, external developers can potentially access non-public data of user accounts.

Google said there is no evidence that the application developer knows the bug or abused the API, and there is no evidence that the user’s profile data has been misused.

Because these APIs may be vulnerable, and Google+ usage is very low (Google’s original words: Google+ consumer version usage is very low), Google decided to close the consumer version of Google+ but will provide users with ten months. The transition period will not be officially closed until August next year and will allow users to download or migrate data.

However, Google found that corporate users believe that Google+ is valuable and can become an internal discussion platform that can be controlled by the central government so that it will be transformed into enterprise services and develop new features for them.