A Recent Google Plus Data Breach Marks the End for the Social Media Platform

Google+ fans are not happy that Google will be closing their Google+ social media outlet. But it’s been clear for a long time that Google’s attempt at rivaling Facebook was not taking hold. And after a recent data breach that exposed half a million users, Google decided it was time to pull the plug. Users have a little time to adjust to the idea, as it won’t actually go away till August 2019.

Another Case of Hiding the Breach

The Google+ users upset at losing their social platform are likely some of the same individuals who had their information stolen in the breach. But perhaps even worse, more are displeased at Google’s decision to keep quiet about the breach. We’ve seen this movie before. Google says it didn’t feel user data was breached (it was), so the company claimed there wasn’t a legal obligation to disclose the breach. Given that the breach was in March, pre-GDPR, perhaps that’s defensible. But if that were true then, it’s not true any longer with Europe’s new General Data Protection Regulation (GDPR), as well as California’s upcoming Consumer Privacy Law.

But even more concerning was an internal memo at Google that revealed executives’ plan to keep the breach quiet, not for legally justifiable reasons, but to prevent damage to their reputation and avoid possibly having to testify before Congress. They didn’t want to face the same music that Facebook and Mark Zuckerberg had just recently faced.

A Bug in the Code Since 2015

The breach occurred because of a bug in the code, present since 2015, that gave third-party app developers access to Google+ user profile data, as well as their connections that had permission. This allowed the developers access to private information about people’s friends.

Breached data included email addresses, birthdays, photos, gender, age, occupations and relationship status. Information not believed to be breached included phone numbers and messages.

Up to 438 applications may have been affected by this access through APIs. Google estimated as many as 496,951 users could have had their data compromised. The bug was fixed in an update in March, the month it was discovered.

The Need for Federal-Level Data Privacy Laws

Now, privacy activists are all the more compelled to continue lobbying for stricter privacy laws in the US. The GDPR likely affects most data breaches going forward. The California law goes into effect next year. But currently there isn’t a US federal data breach law. Many feel there should be, and the more these breaches happen – and the more executives attempt to cover them up – the more motivated data privacy advocates are to pursue implementing stricter laws.
