An API flaw involving 52.5 million Google+ users shocks the world
Google came under scrutiny back in October, when the industry giant revealed that a bug in the Google+ API had exposed the data of 500,000 users, which led to the announcement that the social network would be shut down in 2019. Unfortunately, that was not the end: a new report released by Google says that another data exposure touched around 52.5 million Google+ users.
Cybersecurity engineers at Google discovered a critical security vulnerability in one of the APIs (application programming interfaces), named "People:get", which resulted in the exposure of the name, email address, age and profession of 52.5 million individuals.
The bug in the API could have had serious consequences if cybercriminals had managed to get their hands on it. However, Google claimed that no evidence of such activity was found:
No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.
After the initial incident, Google planned to discontinue Google+ in August 2019, but those plans have changed and the platform is now due to shut down in April next year. Seemingly, the company is looking forward to creating a similar social network variant that concentrates mostly on business matters.
The bug was found while performing a check
The security flaw was discovered in March 2018 by experts while performing a casual test. The bug allowed access to information such as:
- email address.
Such data could have been exposed even when the users' accounts were set to non-public. The good news is that no passwords or credential details were accessible, according to Google:
The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
Unfortunately, some security researchers speculate that the flaw might have been leaking users' data since 2015. Google has started informing users who might have been affected by the bug, while it is still investigating the incident.
As already mentioned, Google+ will be shut down in approximately 90 days, and, in the meantime, the company will be informing all users about all changes to terms and conditions and additional details.
Security flaw-related data breaches are not an uncommon occurrence
The previous data breach, which exposed the data of 500,000 users, was unfortunately not the last one. The bug in the API seems to be a serious problem, as this appears to be the second time it has happened.
Furthermore, bugs related to APIs are not an uncommon occurrence. Last year, T-Mobile also experienced a similar data breach which touched a lot of people. The flaw left sensitive information unprotected and accessible to random individuals. The vulnerable API was used to expose the personal details of numerous T-Mobile users. Unfortunately, hackers were able to access even those accounts that were protected with more advanced technology such as two-factor authentication.
However, when it comes to online safety, you can prevent hackers from entering your online accounts if you keep your data properly secured. When creating an account on the Internet, make sure that you use strong and reliable passwords, choose the two-factor authentication option, and provide as few sensitive details, such as passport number, credentials, or place of residence, as possible.