Google discovered a bug in its Google Plus People API. Explaining this bug, Google said, “With this API, users can grant access to their Profile data, and the public Profile information of their friends to Google+ apps. Now the bug in this API allowed access to private Profile fields of users to the Google+ apps. Around 438 apps could have used this API, states Google.
What personal data was vulnerable?
The vulnerable data includes Profile name, email address, occupation, gender and age. “It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content,” claimed Google.
How many users were affected and what happens next?
“The Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.” Here is everything you need to know about the security vulnerability. Google confirmed in its statement that “it found no evidence that any developer was aware of this bug, or abusing the API, and it found no evidence that any Profile data was misused.” However, it cannot confirm which users were impacted by this vulnerability.
Why did Google hide the security vulnerability?
Google claims that it had fixed that bug in March this year. However, it had kept quiet about it until now. Google states that it was legally not bound to share this vulnerability as there were no breach.