Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.
Google said it discovered another critical security vulnerability in one of Google+’s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age.
The vulnerable API in question is called “People: get” that has been designed to let developers request basic information associated with a user profile.
However, software update in November introduced the bug in the Google+ People API that allowed apps to view users’ information even if a user profile was set to not-public.
Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced.
The company said it found no evidence that the vulnerability was exploited or its users’ data was misused by any third-party app developers.
images from Hacker News