Earlier, Google was found to have leaked 500,000 user data between 2015 and March 2018, but Google chose to report it instead of making it public.
The reason for the data breach at the time was the problem with the Google+ API interface, which external developers can use to directly read user private data. Google+ is a very active social networking site, just in time for the data breach, so Google decided to close the Google+ site directly.
At the same time, based on the last reported data leaks, it was discovered that Google chose to directly disclose the accidents so as not to be more severely punished by the relevant regulatory authorities.
Google’s official blog just released a message revealing that Google’s software update launched in November is vulnerable, and the affected is still the Google+ API interface.
The vulnerability was discovered by Google six days later and quickly fixed. Google said it has confirmed that it affected about 52.5 million Google+ users. External developers can use the wrong interface to directly read the user’s name, occupation, email address, age, company and department, and residence address.
Even if the user fills in the above information but is set to non-public, it will also be read, but financial data, passwords and other key information cannot be stolen. Google said that after careful investigation, there is no evidence that developers exploit the above vulnerabilities, so private data is still safe for users.
Previous data breaches caused Google to completely shut down versions of regular users to Google+ but retaining enterprise users in August 2019. Google said that with the emergence of this new security issue, the company decided to accelerate the closure of Google+, and the full closure time will be advanced to April 2019.
At the same time, in the next 90 days, Google will gradually close the call of the Google+ API interface, and Google has begun to send emails to all developers to notify. In addition, in the next few months, Google will provide users with data backup and download functions, and users will be able to save all their data in advance.
This security issue also affects Google+ enterprise users, and Google is currently using the domain user list to notify affected enterprise user administrators. At the same time, the Google+ feature for businesses will not be closed. Google said that it will reiterate the decision to continue investing in Google+ Enterprise Edition.
Finally, Google said it will continue to invest in privacy protection to improve the internal privacy review process, interacting with researchers to obtain security support to protect everyone’s privacy.