The Wall Street Journal has reported how a Google+ data breach led to external developers being able to get hold of private details belonging to thousands of the tech giant’s users.
The breach, which occurred between 2015 and March 2018, was not reported to the public by Google. The popular search engine says this is because of fears of high-profile penalties and reputational damage that would follow.
Google employees were instructed not to keep the data breach a secret, according to a memo cited by the Wall Street Journal which also divulged Google’s fears of being seen in the same light as Facebook – another tech giant that has been in the headlines in recent times thanks to its inability to keep private data safe.
The Facebook-Cambridge Analytica scandal made global news earlier on this year when it was revealed that the British-based data analysis firm had harvested the details of millions social media site’s users without their consent and had targeted those users with pro-Trump propaganda in the run-up to the US presidential elections.
As far as the exposed users of Google+ are concerned, details made public include names, email addresses, real addresses, genders, profile images, job titles and relationship statuses.
It’s another unwanted feather in Google’s data breach cap. The company was also at the centre of a major class action case in the UK after the private details of 4 million users were taken for user-specific advertising. However, the case was blocked in the High Court.
This latest breach concerning Google+ came to light in March 2018 following an audit of the social platform’s APIs carried out by a group codenamed Project Strobe. It was discovered that a glitch in the API may have enabled external developers to get hold of the information of 496,951 Google+ users whom had only given consent for their data to be shared with their friends on the online platform.
More details of the breach are anticipated to be announced next week, including, Wall Street Journal says, plans to shut Google+ down.
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/