Google has decided to shut down Google+ after discovering a data breach. How should we react to the news?
Not many of us were surprised to hear that Google+ will stop existing in a few months. The only surprise came in the way the news was revealed with Google announcing a data breach[1] that led them to this decision.
Google has published a blog post last week mentioning that they discovered a bug in the API for Google+ that allowed third-party developers to access data of 500,000 users with unauthorized permission.
What’s interesting is that they didn’t disclose the breach back in March when they discovered it and they only brought it to the public after The Wall Street Journal covered it[2] in a post.
The story became so big that Google knew that they had to respond to it.
They’ve provided more details in their recent blog post[3] about the bug:
Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs:
- Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.
- The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
- This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.
- We discovered and immediately patched