This week, the Wall Street Journal exclusively revealed data breaches on Google’s social networking sites, and Google chose to hide it instead of showing details.
According to the survey, a total of 438 applications use the vulnerability of the Google API interface to read user information, including personal data such as personal data and contacts.
In the end, Google believes that there may be 500,000 user users affected by the vulnerability, but Google also thinks that there is no evidence that the data has been stolen.
Why did Google choose to report data breaches:
The objective reason is that Google only keeps the call log for external applications for two weeks, so the corresponding call situation is automatically cleared out after two weeks.
So Google doesn’t know which users are affected by the vulnerability and can only estimate it, and don’t know if there is any data that has been stolen.
The subjective reason is that the Google Privacy and Protection Office believes that if the details are disclosed in public, it will have a negative impact on Google, so it is decided not to reveal it.
The EU and the US began investigating data breaches:
According to the General Data Protection Regulations in force in the EU, the GDPR will be severely fined even if it is not reported, and the fines may be more serious now.
Two existing member states in the EU region have announced a survey of Google’s data breaches, and according to the new regulations, Google is subject to billions of dollars in fines.
Some states in the United States have also begun to investigate Google’s data breaches, and Google’s report of data breaches is unacceptable.