Google leak

In the era of Facebook, WhatsApp, Twitter and Snapchat, we have forgotten one member of the league: Google+, whose competition drove advances in the features of our favorite social networking sites.

The Google-owned social networking platform has suddenly become a highly discussed topic in the past week. The reason is that its owners have decided to shut down the service because of a bug found in one of its application programming interfaces (APIs), which has compromised nearly half a million user accounts. Before discussing the details of this big data leak, let’s first take a brief look at the history of Google+.

Google+ is the company’s fourth attempt in the world of social networking. Launched on 28th June ’11, the service became a huge hit in its initial period, with about 10 million user accounts created in just 2 weeks and the count reaching 90 million by the year end. From creating public profiles and organizing your friends list into groups called ‘circles’ to linking the account to various background apps, Google+ offered a wide range of features to its users. But the platform couldn’t keep its rapport with its consumers for long and ended up giving away almost its entire market to its counterparts. In a blog post published on 8th October ’18, the company announced its decision to shut down Google+.

As per the blog post, Project Strobe, a company initiative for reviewing third-party developer access to Google account and Android device data, found in its analysis that an API through which users could give third-party apps access to their public profile contained an error. To quote the blog (https://www.blog.google/technology/safety-security/project-strobe/), “bug meant that apps could also have access to profile fields that were shared with the user, but not marked public”.
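A minimal model of the access-control flaw quoted above, added here as an illustration and not Google's code: the flawed filter evaluates field visibility as the consenting user, while the intended filter returns public fields only. The profile schema, sample data and function names are assumptions made for the example.

```python
from dataclasses import dataclass

PUBLIC = "public"  # marker for fields the owner made visible to everyone

@dataclass(frozen=True)
class Field:
    value: str
    audience: frozenset  # PUBLIC and/or ids of users the owner shared with

# Constructed sample profile (hypothetical schema, not real data).
PROFILES = {
    "bob": {
        "name": Field("Bob Example", frozenset({PUBLIC})),
        "email": Field("bob@example.test", frozenset({"alice"})),
        "occupation": Field("Engineer", frozenset({"alice", "carol"})),
        "age": Field("41", frozenset()),  # visible to nobody but the owner
    },
}

def fields_for_app_buggy(owner: str, consenting_user: str) -> dict:
    """Flawed: evaluates visibility as the consenting user, so fields shared
    privately with that user are handed to the third-party app as well."""
    return {name: f.value for name, f in PROFILES[owner].items()
            if PUBLIC in f.audience or consenting_user in f.audience}

def fields_for_app_fixed(owner: str, consenting_user: str) -> dict:
    """Intended: the app's grant covers public fields only, regardless of
    what the consenting user personally can see."""
    return {name: f.value for name, f in PROFILES[owner].items()
            if PUBLIC in f.audience}

def overexposed(owner: str, consenting_user: str) -> list:
    """Regression check: field names returned beyond the public-only grant."""
    leaked = set(fields_for_app_buggy(owner, consenting_user))
    return sorted(leaked - set(fields_for_app_fixed(owner, consenting_user)))

if __name__ == "__main__":
    for user in ("alice", "carol", "dave"):
        print(user, "->", overexposed("bob", user))
```

A check like `overexposed` belongs in the API's test suite: it should return an empty list for every owner and consenting-user pair once the public-only filter is the one in use.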

The bug was patched by March ’18, soon after its discovery, but is believed to have existed since the launch. The company also mentioned that the API’s log data was designed to be stored for only two weeks, so it is hard to tell exactly how many accounts have been compromised. A rough analysis before patching the bug concluded that the data of over 500,000 accounts had been breached. It also stated that close to 438 apps had access to that API. The company claims that only static profile fields like email address, age and occupation were compromised. The company also insists that the investigation carried out by Project Strobe and the “Privacy and Data Protection office” found no evidence of data misuse.

So, what led to the shutdown of Google+?

As per the company, the challenge of maintaining the social network and the low usage of the platform led to its decision to shut down the consumer version of Google+. The complete winding up is believed to last for 10 months, with the process finally concluding by August ’19.

Coming soon after the Facebook fiasco, the Google data breach should be reason enough to make us question whether our data is safe at all. For any organization across the globe, its data is valuable to attackers. Employee data, customer records, email IDs and the like are valuable pieces of information and can make any organization a high-value target. It thus becomes an organization’s responsibility to maintain a strong security management approach. This should include documented patching, an employee protection program, identity access, password management and an incident response plan.