Google Plus Was Hacked And… No One Cares
Breaking news came out of Silicon Valley this week when Google announced that a major security flaw had exposed the data of nearly all of the 47 active Google Plus users (none of which were Google employees).
In all seriousness, Google’s failed social media network did have hundreds of thousands of accounts so there really was some data to be mined from his exposure.
Because of this data breach Google decided to finally go ahead and shut down it’s Google+ network.
Very similar to Facebook’s API flaw (which you can read about here), Google+’s API allowed third-party developers to access the “private” data for more than 500,000 users. The information that was exposed included usernames, email addresses, occupation, date of birth, profile photos, and gender.
All in all, most of this is public data so there doesn’t appear to be much lost but as usual, it brings up the question of how to secure all these social media giants .
Sure, Google + was a barren wasteland but they should have at least done their due diligence
To minimize their negligence Google claims that only 438 applications ‘may’ have used this API.
It’s the age-old “yeah, we had a major API flaw but no one used it” defense.
The vulnerability was open since 2015 and fixed after Google discovered it in March 2018, but the company chose not to disclose the breach to the public which is where Google may find themselves in trouble.
Truth be told, it’s another instance of the big tech dogs being too big and leaving their systems wide open for anyone with a working understanding of API’s to pull any and all data you’ve supplied to their system.
It’s only a matter of time until every piece of information you’ve supplied to the internet is exposed so just go ahead and operate under the assumption that nothing you post, share or upload is going to be secure.