The Wall Street Journal has reported how a Google+ data breach led to external developers being able to get hold of private details belonging to thousands of the tech giant’s users.
The breach, which occurred between 2015 and March 2018, was not reported to the public by Google. The popular search engine says this is because of fears of high-profile penalties and reputational damage that would follow.
Google employees were instructed not to keep the data breach a secret, according to a memo cited by the Wall Street Journal which also divulged Google’s fears of being seen in the same light as Facebook – another tech giant that has been in the headlines in recent times thanks to its inability to keep private data safe.
The Facebook-Cambridge Analytica scandal made global news earlier on this year when it was revealed that the British-based data analysis firm had harvested the details of millions social media site’s users without their consent and had targeted those users with pro-Trump propaganda in the run-up to the US presidential elections.
As far as the exposed users of Google+ are concerned, details made public include names, email addresses, real addresses, genders, profile images, job titles and relationship statuses.
It’s another unwanted feather in Google’s data breach cap. The company was also at the centre of a major class action case in the UK after the private details of 4 million users were taken for user-specific advertising. However, the case was blocked in the High Court.
This latest breach concerning Google+ came to light in March 2018 following an audit of the social platform’s APIs carried out by a group codenamed Project Strobe. It was discovered that a glitch in the API may have enabled external developers to get hold of the information of 496,951 Google+ users whom had only given consent for their data to be shared with their friends on the online platform.
More details of the breach are anticipated to be announced next week, including, Wall Street Journal says, plans to shut Google+ down.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.