Jump to content

2018 Google data breach: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Citation bot (talk | contribs)
Bots
5,333,540 edits
Alter: pages. Add: url, s2cid, volume, doi, issue, authors 1-1. Removed parameters. Formatted dashes. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Ridersonthestrom | Category:Google | via #UCB_Category 110/187
GreenC bot (talk | contribs)
Bots
2,516,021 edits
 
(44 intermediate revisions by 35 users not shown)
Line 1: Line 1:
{{short description|2018 data breach affecting the social network Google+}}
{{short description|2018 data breach affecting the social network Google+}}
[[File:Google VP Engineering Vic Gundotra(cropped).jpg|alt=A photograph of Vic Gundotra.|thumb|[[Vic Gundotra]], Google+ lead at the time of the leaks.]]
{{Infobox organization
The '''2018 Google data breach''' was a major [[data privacy]] scandal in which the [[Google+]] [[Application programming interface|API]] exposed the private data of over five hundred thousand users.<ref>{{Cite web|url=https://www.usatoday.com/story/tech/talkingtech/2019/02/01/google-close-google-social-network-april-2/2741657002/|title=Google sets April 2 closing date for Google+, download your photos and content before then|last=Snider|first=Mike|date=1 February 2019|website=USA TODAY|access-date=12 May 2019}}</ref>
| name = Google+
| image = Google_circle.svg
| caption =
| predecessor = [[Google Buzz]]
| successor = [[Google Currents]]
| formation = 28 June 2011
| founder = [[Vic Gundotra]]
| dissolved = 2 April 2019
| services = Social Media Network
}}


Google+ managers first noticed harvesting of personal data in March 2018,<ref>{{Cite magazine|url=https://www.wired.com/story/google-plus-bug-52-million-users-data-exposed/|title=A New Google+ Blunder Exposed Data From 52.5 Million Users|last=Newman|first=Lily Hay|date=12 October 2018|magazine=Wired|access-date=12 May 2019|issn=1059-1028}}</ref> during a review following the [[Facebook–Cambridge Analytica data scandal]]. The bug, despite having been fixed immediately, exposed the private data of approximately 500,000 Google+ users to the public.<ref name="JournalArticle">{{Cite journal |doi = 10.1016/S1353-4858(18)30095-3|title = Flaw leads to Google+ shutting down|journal = Network Security|volume = 2018|issue = 10|pages = 3|year = 2018| s2cid=240102979 }}</ref> Google did not reveal the leak to the network's users''.''<ref name="WSJ">{{Cite news|url=https://www.wsj.com/articles/google-exposed-user-data-feared-repercussions-of-disclosing-to-public-1539017194|title=Google Exposed User Data, Feared Repercussions of Disclosing to Public|last1=MacMillan|first1=Douglas|date=8 October 2018|work=Wall Street Journal|access-date=12 May 2019|last2=McMillan|first2=Robert|issn=0099-9660}}</ref> In November 2018, another data breach occurred following an update to the Google+ API. Although Google found no evidence of failure, approximately 52.5 million personal profiles were potentially exposed.<ref>{{Cite news|url=https://www.washingtonpost.com/technology/2018/12/10/google-reveals-new-security-bug-affecting-more-than-million-users/|title=New Google+ security bug could affect more than 52 million users|last1=Romm|first1=Tony|date=10 December 2018|newspaper=The Washington Post|last2=Timberg|first2=Craig}}</ref> In August 2019, Google declared a shutdown of Google+ due to low use and technological challenges.<ref>{{Cite web|last=Thacker|first=David|date=10 December 2018|title=Expediting changes to Google+|url=https://www.blog.google/technology/safety-security/expediting-changes-google-plus/|access-date=12 May 2019|website=Google}}</ref><ref name="name">{{Cite web|url=https://developers.google.com/+/api-shutdown|title=Google+ API Shutdown {{!}} Google+ Platform|website=Google Developers|access-date=14 May 2019}}</ref><ref>{{Cite journal|year=2018|title=Google's social network is closing|journal=New Scientist|volume=240|issue=3199|pages=4|doi=10.1016/S0262-4079(18)31819-0|s2cid=240126196 }}</ref>
The '''2018 Google data breach''' was a major scandal in late 2018 when [[Google]] engineers discovered a software leakage within the [[Google+]] [[Application programming interface|API]] used in the social media network. As over five million user's data was compromised.<ref>{{Cite web|url=https://www.usagillltoday.com/story/tech/talkingtech/2019/02/01/google-close-google-social-network-april-2/2741657002/|title=Google sets April 2 closing date for Google+, download your photos and content before then|last=Snider|first=Mike|date=1 February 2019|website=USA TODAY|access-date=12 May 2019}}</ref> This led to the immense news coverage on consumer privacy levels within Google+ and the shutting down of the Google+ consumer social network on 2 April 2019.<ref name="GoogleSupport">{{Cite web|url=https://support.google.com/plus/answer/9217723#whatshappening|title=Frequently asked questions about the Google+ shutdown - Google+ Help|website=support.google.com|access-date=12 May 2019}}</ref>

The harvesting of personal data was first noticed by Google+ producers in March 2018 <ref>{{Cite news|url=https://www.wired.com/story/google-plus-bug-52-million-users-data-exposed/|title=A New Google+ Blunder Exposed Data From 52.5 Million Users|last=Newman|first=Lily Hay|date=12 October 2018|work=Wired|access-date=12 May 2019|issn=1059-1028}}</ref> during a review of its operations following the [[Facebook–Cambridge Analytica data scandal]]. The bug was immediately fixed however led to approximately 500,000 Google+ private users data being open to the public.<ref name=JournalArticle>{{Cite journal |doi = 10.1016/S1353-4858(18)30095-3|title = Flaw leads to Google+ shutting down|journal = Network Security|volume = 2018|issue = 10|pages = 3|year = 2018}}</ref> Google did not disclose this information to the social network's consumer database. On 8 October 2018, the article ''Google Exposed User Data, Feared Repercussions of Disclosing to Public''<ref name="WSJ">{{Cite news|url=https://www.wsj.com/articles/google-exposed-user-data-feared-repercussions-of-disclosing-to-public-1539017194|title=Google Exposed User Data, Feared Repercussions of Disclosing to Public|last1=MacMillan|first1=Douglas|date=8 October 2018|work=Wall Street Journal|access-date=12 May 2019|last2=McMillan|first2=Robert|issn=0099-9660}}</ref> was published by ''[[The Wall Street Journal]]''. Following this, in August 2019 Google made a simultaneous blog post announcing the shutting down of Google+ as there was low consumer use and technological challenges.<ref>{{Cite web|url=https://www.blog.google/technology/safety-security/expediting-changes-google-plus/|title=Expediting changes to Google+|last=Thacker|first=David|date=10 December 2018|website=Google|access-date=12 May 2019}}</ref>

Within November 2018, another data breach was found within a Google+ API software update. The bug was fixed within a week and there was no evidence that any third party developer compromised the system. However, approximately 52.5 million non-public profile fields were exposed to alternative apps that requested access to individuals Google+ ID, and created access to other profiles that had shared information with each other.<ref>{{Cite news|url=https://www.washingtonpost.com/technology/2018/12/10/google-reveals-new-security-bug-affecting-more-than-million-users/|title=New Google+ security bug could affect more than 52 million users|last1=Romm|first1=Tony|date=10 December 2018|work=The Washington Post|last2=Timberg|first2=Craig}}</ref>

Due to these data breaches, consumers called for greater consumer protection in online media and Google moved the Google+ social media shut down date to 2 April 2019, with legacy Google+ API's being shut down on 7 March 2019.<ref name=name>{{Cite web|url=https://developers.google.com/+/api-shutdown|title=Google+ API Shutdown {{!}} Google+ Platform|website=Google Developers|access-date=14 May 2019}}</ref>


== Overview of Google+ ==
== Overview of Google+ ==


In June 2011, Google+ was launched as an invite-only social network<ref>{{Cite news|url=https://www.bbc.com/news/technology-47771927|title=Google shuts failed social network Google+|last=Fox|first=Chris|date=2 April 2019|work=BBC News}}</ref> and then become a public database later in that year. Google+ was managed by Vic Gundotra, Google's senior vice president of engineering.<ref>{{Cite journal|last=Dieter|first=Daniel|date=11 November 2018|title=Google+ Case Study: Create a Social Network or Risk Everything|journal=Performance Improvement|volume=57|issue=10|pages=26–36|doi=10.1002/pfi.21826}}</ref> Similar to [[Facebook]], Google+ acted as a social media database for posting photos and creating status's on individual feeds yet included the key features including ''Circles, Hangouts'' and ''Sparks''.
Google+ was launched in June 2011 as an invite-only social network,<ref>{{Cite news|url=https://www.bbc.com/news/technology-47771927|title=Google shuts failed social network Google+|last=Fox|first=Chris|date=2 April 2019|work=BBC News}}</ref> but was opened for public access later in the year. It was managed by [[Vic Gundotra]].<ref>{{Cite journal|last=Dieter|first=Daniel|date=11 November 2018|title=Google+ Case Study: Create a Social Network or Risk Everything|journal=Performance Improvement|volume=57|issue=10|pages=26–36|doi=10.1002/pfi.21826|s2cid=69571511 }}</ref>


Similar to [[Facebook]], Google+ also included key features [[Google Circles|Circles]], [[Google Hangouts|Hangouts]] and Sparks.
''Circles'' were created to allow consumers to personalise their social groups by sorting friends into different categories. Once allowed into a ''Circle'', the person can be allowed to see particular content and be restricted from others.<ref>{{Cite journal|last=Ovadia|first=Steven|date=5 December 2011|title=An Early Introduction to the Google+ Social Networking Project|journal=Behavioural and Social Sciences Librarian|volume=30|issue=4|pages=259–263|doi=10.1080/01639269.2011.622258|s2cid=62551198|url=https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1016&context=lg_pubs}}</ref> Therefore, users can regulate access of information in their individual spaces. ''Hangouts'' included video chatting and instant messaging between consumers.<ref>{{Cite book |doi = 10.1016/B978-0-12-801656-5.00013-5|chapter = Google+|title = Introduction to Social Media Investigation|pages = 137–149|year = 2015|last1 = Golbeck|first1 = Jennifer|isbn = 9780128016565}}</ref> The other key feature of Google+ was ''Sparks''; where Google tracked your past searches using keywords to find news and content related to a user's interests.<ref>{{Cite web|url=http://social.techcrunch.com/2018/10/08/looking-back-at-google/|title=Looking back at Google+|last=Perez|first=Sarah|date=November 2018|website=TechCrunch|access-date=12 May 2019}}</ref>


* ''Circles'' let users personalize their social groups by sorting friends into different categories. Once allowed into a ''Circle'', users could regulate information in their individual spaces.<ref>{{Cite journal|last=Ovadia|first=Steven|date=5 December 2011|title=An Early Introduction to the Google+ Social Networking Project|journal= Behavioral & Social Sciences Librarian|volume=30|issue=4|pages=259–263|doi=10.1080/01639269.2011.622258|s2cid=62551198|url=https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1016&context=lg_pubs}}</ref>
Along with being a social network, Google+ was produced to be the social layer of Google and its many apps and hence was used within other Google Profiles such as [[YouTube]], [[Gmail]] and others. Google+ had over 2 billion user accounts within its interface<ref>{{Cite news|url=https://www.abc.net.au/news/2018-10-09/google-social-media-service-shut-down-after-privacy-issue/10354918|title=Google+ social media service to shut down after private data of at least 500,000 users exposed|date=9 October 2018|work=ABC News}}</ref> as it gave access to many Google apps including [[Gmail]] and [[Google Drive]]. However, less than 400 million consumers were actively using the social media aspect, with 90% of these users using the social network for five seconds.<ref>{{Cite web|url=https://www.indiatoday.in/technology/features/story/former-google-designer-explains-why-google-s-social-media-play-failed-1370662-2018-10-18|title=Former Google+ designer explains why Google's social media play failed: it was mostly office politics|last=Ganjoo|first=Shweta|website=India Today|access-date=12 May 2019}}</ref> Hence, Google+ did not have a large amount of consumer interaction within the social media network.
* ''Hangouts'' included video chatting and instant messaging between users.<ref>{{Cite book |doi = 10.1016/B978-0-12-801656-5.00013-5|chapter = Google+|title = Introduction to Social Media Investigation|pages = 137–149|year = 2015|last1 = Golbeck|first1 = Jennifer|isbn = 9780128016565}}</ref>
* ''Sparks'' allowed Google to track users' past searches to find news and content related to their interests.<ref>{{Cite web|url=https://techcrunch.com/2018/10/08/looking-back-at-google/|title=Looking back at Google+|last=Perez|first=Sarah|date=November 2018|website=TechCrunch|access-date=12 May 2019}}</ref>


Google+ was linked to other Google services, such as [[YouTube]], [[Google Drive]] and [[Gmail]], giving it access to roughly 2 billion user accounts.<ref>{{Cite news|url=https://www.abc.net.au/news/2018-10-09/google-social-media-service-shut-down-after-privacy-issue/10354918|title=Google+ social media service to shut down after private data of at least 500,000 users exposed|date=9 October 2018|work=ABC News}}</ref> However, less than 400 million consumers actively used Google+, with 90% of those users using it for less than five seconds.<ref>{{Cite web|url=https://www.indiatoday.in/technology/features/story/former-google-designer-explains-why-google-s-social-media-play-failed-1370662-2018-10-18|title=Former Google+ designer explains why Google's social media play failed: it was mostly office politics|last=Ganjoo|first=Shweta|website=India Today|access-date=12 May 2019}}</ref>
Along with the data breaches, Google+ saw limited consumer interaction with apps and low social media usage and so, the social network was shut down<ref>{{Cite journal |doi = 10.1016/S0262-4079(18)31819-0|title = Google's social network is closing|journal = New Scientist|volume = 240|issue = 3199|pages = 4|year = 2018}}</ref> on 2 April 2019.


== The breaches ==
== Characteristics of the data breach ==


In March 2018, Google developers found a data breach within the Google+ People API in which external apps acquired access to Profile fields that were not marked as public.<ref name="JournalArticle" /> 500,000 Google+ accounts were included in the breach, which allowed 438 external apps unauthorized access to private users' names, emails, addresses, occupations, genders and ages.<ref name="JournalArticle" /> This information was available between 2015 and 2018.<ref name="Article">{{Cite journal|last=Burton|first=Winston|date=25 October 2018|title=Google Plus: Past, Present & Future|journal=Search Engine Journal}}</ref> Google found no evidence of any user's personal information being misused, nor that any third-party app developers were aware of the leak.
In January 2018, a formal assessment of third-party developers and app access to Google accounts was created named Project Strobe.<ref name=googleblog>{{Cite web|url=https://www.blog.google/technology/safety-security/project-strobe/|title=Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+|last=Smith|first=Ben|date=8 October 2018|website=Google Blog|access-date=12 May 2019}}</ref> Through this project, privacy platforms were examined and tightened as consumers were concerned of [[data privacy]]. Google Project Strobe constructs a review on consumer's profiles, identifying what parts of a profile third-party developers are able to access. Many third-party apps use Google+ as a service to improve communication, working life and online experience. In March, the analysis of Application Programming Interfaces (API) showed a data breach within the Google+ People API where external apps acquired access to Profile fields that were not marked as public.<ref name=JournalArticle />


In November 2018, a software update created another data breach within the Google+ API. The bug impacted 52.5 million users,<ref>{{Cite web|url=https://www.blog.google/technology/safety-security/expediting-changes-google-plus/|title=Expediting changes to Google+|date=10 December 2018|website=Google|access-date=12 May 2019}}</ref> where, similarly to the March breach, unauthorized apps were able to access Google+ profiles, including users' names, email addresses, occupations and ages. Apps could not access financial information, national identification, numbers, or passwords. Blog posts, messages and phone numbers also remained inaccessible if marked as private. Unlike the previous breach, access was only available for six days before Google+ learned of the breach. Once more, Google+ found no evidence data being misused by third-party developers.
Google found that there was no evidence of any user's personal information being misused. A detailed analysis identified that 500,000 Google+ accounts were included in this data breach which was capable of allowing 438 external apps without authorisation to private users names, emails, addresses, occupations, gender and age.<ref name=JournalArticle /> This information was able to be accessed by third-party apps between 2015 and 2018.<ref name=Article>{{Cite journal|last=Burton|first=Winston|date=25 October 2018|title=Google Plus: Past, Present & Future|journal=Search Engine Journal}}</ref> There was no evidence found that any of this information was misused, and Google is not able to confirm which particular users profile data was accessible or impacted. There was no evidence found that any third-party app developers were aware of this profile leakage and abused this.


== Responses ==
In November 2018, a software update created another data breach within the Google+ API. The bug impacted 52.5 million users<ref>{{Cite web|url=https://www.blog.google/technology/safety-security/expediting-changes-google-plus/|title=Expediting changes to Google+|date=10 December 2018|website=Google|access-date=12 May 2019}}</ref> where, similarly to the past data breach, apps were able to access Google+ profiles without consent displaying name, email address, occupation and age. Apps were not able to access information relating to financial, national identification numbers or passwords. Google+ blog posts, messages and phone numbers also remained inaccessible if displayed as private information. Dissimilar to the last data breach, access was granted for six days before Google+ gained knowledge of the data leakage and was able to rectify the problem. Google+ found no evidence of misused data by third-party developers and consumers were Access was granted for six days before Google+ was able to rectify the problem, however they found no evidence of misuse and an announcement of the leakage was made to Google+ consumers.


In October 2018, the ''Wall Street Journal'' published an article outlining the initial breach and Google's decision to not disclose it to users.<ref>{{Cite news|last=McMillan|first=Douglas MacMillan and Robert|date=2018-10-08|title=Google Exposed User Data, Feared Repercussions of Disclosing to Public|language=en-US|work=Wall Street Journal|url=https://www.wsj.com/articles/google-exposed-user-data-feared-repercussions-of-disclosing-to-public-1539017194|access-date=2021-12-05|issn=0099-9660}}</ref> At the time, there was no federal law that required Google to inform their consumers of data breaches. Google+ originally did not disclose the breach out of fears of being compared to [[Facebook–Cambridge Analytica data scandal|Facebook's recent data leak]] and subsequent loss of consumer confidence.<ref name="WSJ" /> In response to the ''Wall Street Journal'' article, Google announced the shutdown of Google+ in August 2019.<ref name="googleblog">{{Cite web|last=Smith|first=Ben|date=8 October 2018|title=Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+|url=https://www.blog.google/technology/safety-security/project-strobe/|access-date=12 May 2019|website=Google Blog}}</ref> After the second data leak, the date was moved to April 2019.<ref name="GoogleSupport">{{Cite web|title=Frequently asked questions about the Google+ shutdown - Google+ Help|url=https://support.google.com/plus/answer/9217723#whatshappening|access-date=12 May 2019|website=support.google.com}}</ref> In response to the data breach, enterprise consumers were notified of the bug's impact and given instructions on how to save, download and delete their data prior to the Google+ shut down. Google's Privacy and Data Protection Office found no misuse of user data.
== News coverage ==


Prior to the Google+ shutdown, Google set a 10-month period in which users could download and migrate their data. After the 10-month period, user content was deleted. On 4 February 2019, consumers were no longer able to create new Google+ profiles.<ref>{{Cite web|url=https://inews.co.uk/news/technology/google-plus-shutdown-back-up-data/|title=Google+ shutdown: how to back up photos and data before your account closes|last=Nelson|first=Alex|date=7 February 2019|website=inews.co.uk|access-date=12 May 2019}}</ref> Google shut down Google+ APIs on 7 March 2019 to ensure that developers did not continue to rely on the APIs prior to the Google+ shutdown.<ref name="name" /><ref name="Article" />
The publishing of ‘Google Exposed User Data, Feared Repercussions of Disclosing to Public’ by the ''Wall Street Journal'' on October 8, 2018 outlined the initial data breach, describing how Google+ had not originally disclosed the issue. They advised the public that the data breach had occurred between 2015 and 2018 through a leakage in the API software where third-party apps were able to access private information. There is no federal law that requires Google to inform their consumers of data breaches. Google+ originally did not want to disclose the information in fear of comparison to Facebook's data leakage and loss of consumer confidence.<ref name=WSJ /> In response to the article, Google announced the permanent shut down of all consumer functionality in August 2019. After the second data leakage this date was accelerated and moved to April 2019.


Google is the principal entity of its parent company, [[Alphabet Inc.|Alphabet Inc]]. After the data breach, Alphabet Inc. share prices fell by 1% to $1,157.06 on 9 October 2018 after an earlier drop of $1,135.40 that morning, the lowest price since 5 July 2018.<ref>{{Cite web|url=https://www.bloomberg.com/news/articles/2018-10-08/google-falls-after-report-it-covered-up-potential-security-flaw|title=Google Discloses Privacy Security Flaw Kept Quiet Since March|last1=De Vynck|first1=Gerrit|last2=Nix|first2=Naomi|date=9 October 2018|website=Bloomberg}}</ref> After the publication of ''The Wall Street Journal'' article, share prices dropped as low as 2.1% in two days on 10 October 2018. Share prices steadily increased from this point and met the 8 October 2018 share price on 5 February 2019.<ref>{{Cite web|url=https://www.forbes.com/sites/rogeraitken/2019/02/05/alphabet-in-the-soup-over-costs-but-analysts-average-google-price-target-1346/#1b77fefc3124|title=Alphabet 'In The Soup' Over Costs, But Analysts' Average Google Price Target $1,346|last=Aitken|first=Roger|website=Forbes}}</ref>
Alongside the ''Wall Street Journal'', considerable amounts of coverage was made on each data breach by newspapers around the world discussing consumer's privacy levels. On 8 October 2018, a Google Blog post described the first data leakage and the shutdown of Google+, written by Ben Smith, the Vice President of Engineering within Google.<ref name=googleblog /> Following the second data breach, Google Blog posted an article written by the Vice President of Product Management, David Thacker, on December 10, 2018.<ref name="GoogleSupport" /> This article indicated that Google+ APIs would be shutting down within the next 90 days and the acceleration of the closing of Google+. Both articles provide a detailed explanation of each data breach, the ramifications for Google+ and ensured consumers on the privacy and reliance on Google of consumer data.


Google planned to rebuild Google+ as a corporate enterprise network.<ref>{{Cite web|url=https://gsuite.google.com/products/currents/|title=Currents: Have Meaningful Discussions at Work {{!}} G Suite|website=gsuite.google.com|access-date=12 May 2019}}</ref> [[Google Play]] will now assess which apps can ask for permission to access the user's SMS data. Only the default app for telephone distribution is able to make requests. Prior to the data breaches, apps were able to request access to all of a consumer's data simultaneously. Now, each app must request permission for each aspect of a consumer's profile.
== Responses on Google+ and Google ==

In response to the data breach, enterprise consumers were notified of the impact of the bug and given instructions on how to save, download and delete their data prior to the Google+ shut down. The issues were analysed by Google's Privacy and Data Protection Office, finding that there was no misuse of consumer's profiles data. However, Google decided that Google+ was not being used in abundance as a social media network and hence the network should be shut down.

=== Immediate ramifications ===
Preparing for the Google+ social network, Google created a 10-month period for consumers to download and migrate their profile's data. Google+ users could save Google+ photos, videos, events, posts, circles and communities. Events created in Google+ and birthdays of relevant people in Google+ circles will be deleted off Google Calendar. Photos and videos backed up to Google Photos will not be deleted. Google+ widgets will no longer be available and have since been removed from all blogs. After the 10-month period consumer content will be deleted and Google will not save Google+ content apart from particular content needed for law, regulation, legal processes, legal obligations, or government requests. As the social network had a substantial number of consumers, the process of deleting this data will take a few months and is in progress. On 4 February 2019 consumers were no longer able to create new Google+ profile.<ref>{{Cite web|url=https://inews.co.uk/news/technology/google-plus-shutdown-back-up-data/|title=Google+ shutdown: how to back up photos and data before your account closes|last=Nelson|first=Alex|date=7 February 2019|website=inews.co.uk|access-date=12 May 2019}}</ref> Google shut down Google+ APIs on 7 March 2019 to ensure that developers do not remain reliant on these APIs prior to the Google+ shutdown.<ref name=name /> As of 2 April 2019, Collections and Circles still existed but are continually being phased out.

As of 7 March 2019, Google+ APIs have been shut down including REST API, Web API, Android SDK, Domains API and Pages API.<ref name=Article /> Developers that used these Google+ APIs have removed these as otherwise their applications would break. Google has offered alternative APIs for these developers including Google Sign-In and Google People API.

=== Share Price Impact ===
Google is the principal entity owned by its parent company [[Alphabet Inc.|Alphabet Inc]]. After the data breach, Alphabet Inc share prices fell by 1% to $1,157.06 on 9 October 2018 after an earlier drop of $1,135.40 that morning being the lowest price since 5 July 2018.<ref>{{Cite web|url=https://www.bloomberg.com/news/articles/2018-10-08/google-falls-after-report-it-covered-up-potential-security-flaw|title=Google Discloses Privacy Security Flaw Kept Quiet Since March|last1=De Vynck|first1=Gerrit|last2=Nix|first2=Naomi|date=9 October 2018|website=Bloomberg}}</ref> After the publication of ''The Wall Street Journal'' article, share prices dropped as low as 2.1% in two days on 10 October 2018. Share prices steadily increased from this point and were able to rectify this share price drop and meet the 8 October 2018 share price on 5 February 2019.<ref>{{Cite web|url=https://www.forbes.com/sites/rogeraitken/2019/02/05/alphabet-in-the-soup-over-costs-but-analysts-average-google-price-target-1346/#1b77fefc3124|title=Alphabet 'In The Soup' Over Costs, But Analysts' Average Google Price Target $1,346|last=Aitken|first=Roger|website=Forbes}}</ref>

=== Rebuilding Google+ ===
Google will rebuild Google+ as a corporate enterprise network.<ref>{{Cite web|url=https://gsuite.google.com/products/currents/|title=Currents: Have Meaningful Discussions at Work {{!}} G Suite|website=gsuite.google.com|access-date=12 May 2019}}</ref> This network will be known as [[Google Currents]] and will be used by [[G Suite|G suite]] consumers. The name has been recycled from the previous Google magazine platform, Google Currents, which is now known as Google News. The network will incorporate new features including 'tags'. Tags have been built for employees to be able to be involved in relevant organisation conversations if they follow a certain tag. Managers will be able to monitor conversations between employees, and interact through the social media network. Leaders posts will also be given priority within the business's posts and events and will be given more visibility across the network. This network will have differing security and privacy settings. Apps will require requested access to other Google platforms where only email functionality enhancing apps will be allowed after heightened security regulations. [[Google Play]] will now assess which apps can ask for permission to access the users SMS data; where only the default app for telephone distribution is able to make requests. Prior to the data breaches, apps were able to request access to all of a consumer's data simultaneously. Within the new privacy setting, each app will need to request individual permission for each aspect of a consumer's profile, and the consumer will have to grant this to create access. New posts will now only be accessed within the domain however this can be made Public. Profiles can no longer be publicly searched and discovered.


==References==
==References==
{{reflist}}
{{reflist}}

{{Google LLC}}
{{Hacking in the 2010s}}


[[Category:Google]]
[[Category:Google]]
[[Category:Data breaches]]
[[Category:Data breaches]]
[[Category:Alphabet Inc.]]
[[Category:2018 in computing]]
[[Category:2018 in computing]]

Latest revision as of 04:13, 26 July 2024

A photograph of Vic Gundotra.
Vic Gundotra, Google+ lead at the time of the leaks.

The 2018 Google data breach was a major data privacy scandal in which the Google+ API exposed the private data of over five hundred thousand users.[1]

Google+ managers first noticed harvesting of personal data in March 2018,[2] during a review following the Facebook–Cambridge Analytica data scandal. The bug, despite having been fixed immediately, exposed the private data of approximately 500,000 Google+ users to the public.[3] Google did not reveal the leak to the network's users.[4] In November 2018, another data breach occurred following an update to the Google+ API. Although Google found no evidence of failure, approximately 52.5 million personal profiles were potentially exposed.[5] In August 2019, Google declared a shutdown of Google+ due to low use and technological challenges.[6][7][8]

Overview of Google+

[edit]

Google+ was launched in June 2011 as an invite-only social network,[9] but was opened for public access later in the year. It was managed by Vic Gundotra.[10]

Similar to Facebook, Google+ also included key features Circles, Hangouts and Sparks.

  • Circles let users personalize their social groups by sorting friends into different categories. Once allowed into a Circle, users could regulate information in their individual spaces.[11]
  • Hangouts included video chatting and instant messaging between users.[12]
  • Sparks allowed Google to track users' past searches to find news and content related to their interests.[13]

Google+ was linked to other Google services, such as YouTube, Google Drive and Gmail, giving it access to roughly 2 billion user accounts.[14] However, less than 400 million consumers actively used Google+, with 90% of those users using it for less than five seconds.[15]

The breaches

[edit]

In March 2018, Google developers found a data breach within the Google+ People API in which external apps acquired access to Profile fields that were not marked as public.[3] 500,000 Google+ accounts were included in the breach, which allowed 438 external apps unauthorized access to private users' names, emails, addresses, occupations, genders and ages.[3] This information was available between 2015 and 2018.[16] Google found no evidence of any user's personal information being misused, nor that any third-party app developers were aware of the leak.

In November 2018, a software update created another data breach within the Google+ API. The bug impacted 52.5 million users,[17] where, similarly to the March breach, unauthorized apps were able to access Google+ profiles, including users' names, email addresses, occupations and ages. Apps could not access financial information, national identification, numbers, or passwords. Blog posts, messages and phone numbers also remained inaccessible if marked as private. Unlike the previous breach, access was only available for six days before Google+ learned of the breach. Once more, Google+ found no evidence data being misused by third-party developers.

Responses

[edit]

In October 2018, the Wall Street Journal published an article outlining the initial breach and Google's decision to not disclose it to users.[18] At the time, there was no federal law that required Google to inform their consumers of data breaches. Google+ originally did not disclose the breach out of fears of being compared to Facebook's recent data leak and subsequent loss of consumer confidence.[4] In response to the Wall Street Journal article, Google announced the shutdown of Google+ in August 2019.[19] After the second data leak, the date was moved to April 2019.[20] In response to the data breach, enterprise consumers were notified of the bug's impact and given instructions on how to save, download and delete their data prior to the Google+ shut down. Google's Privacy and Data Protection Office found no misuse of user data.

Prior to the Google+ shutdown, Google set a 10-month period in which users could download and migrate their data. After the 10-month period, user content was deleted. On 4 February 2019, consumers were no longer able to create new Google+ profiles.[21] Google shut down Google+ APIs on 7 March 2019 to ensure that developers did not continue to rely on the APIs prior to the Google+ shutdown.[7][16]

Google is the principal entity of its parent company, Alphabet Inc. After the data breach, Alphabet Inc. share prices fell by 1% to $1,157.06 on 9 October 2018 after an earlier drop of $1,135.40 that morning, the lowest price since 5 July 2018.[22] After the publication of The Wall Street Journal article, share prices dropped as low as 2.1% in two days on 10 October 2018. Share prices steadily increased from this point and met the 8 October 2018 share price on 5 February 2019.[23]

Google planned to rebuild Google+ as a corporate enterprise network.[24] Google Play will now assess which apps can ask for permission to access the user's SMS data. Only the default app for telephone distribution is able to make requests. Prior to the data breaches, apps were able to request access to all of a consumer's data simultaneously. Now, each app must request permission for each aspect of a consumer's profile.

References

[edit]
  1. ^ Snider, Mike (1 February 2019). "Google sets April 2 closing date for Google+, download your photos and content before then". USA TODAY. Retrieved 12 May 2019.
  2. ^ Newman, Lily Hay (12 October 2018). "A New Google+ Blunder Exposed Data From 52.5 Million Users". Wired. ISSN 1059-1028. Retrieved 12 May 2019.
  3. ^ a b c "Flaw leads to Google+ shutting down". Network Security. 2018 (10): 3. 2018. doi:10.1016/S1353-4858(18)30095-3. S2CID 240102979.
  4. ^ a b MacMillan, Douglas; McMillan, Robert (8 October 2018). "Google Exposed User Data, Feared Repercussions of Disclosing to Public". Wall Street Journal. ISSN 0099-9660. Retrieved 12 May 2019.
  5. ^ Romm, Tony; Timberg, Craig (10 December 2018). "New Google+ security bug could affect more than 52 million users". The Washington Post.
  6. ^ Thacker, David (10 December 2018). "Expediting changes to Google+". Google. Retrieved 12 May 2019.
  7. ^ a b "Google+ API Shutdown | Google+ Platform". Google Developers. Retrieved 14 May 2019.
  8. ^ "Google's social network is closing". New Scientist. 240 (3199): 4. 2018. doi:10.1016/S0262-4079(18)31819-0. S2CID 240126196.
  9. ^ Fox, Chris (2 April 2019). "Google shuts failed social network Google+". BBC News.
  10. ^ Dieter, Daniel (11 November 2018). "Google+ Case Study: Create a Social Network or Risk Everything". Performance Improvement. 57 (10): 26–36. doi:10.1002/pfi.21826. S2CID 69571511.
  11. ^ Ovadia, Steven (5 December 2011). "An Early Introduction to the Google+ Social Networking Project". Behavioral & Social Sciences Librarian. 30 (4): 259–263. doi:10.1080/01639269.2011.622258. S2CID 62551198.
  12. ^ Golbeck, Jennifer (2015). "Google+". Introduction to Social Media Investigation. pp. 137–149. doi:10.1016/B978-0-12-801656-5.00013-5. ISBN 9780128016565.
  13. ^ Perez, Sarah (November 2018). "Looking back at Google+". TechCrunch. Retrieved 12 May 2019.
  14. ^ "Google+ social media service to shut down after private data of at least 500,000 users exposed". ABC News. 9 October 2018.
  15. ^ Ganjoo, Shweta. "Former Google+ designer explains why Google's social media play failed: it was mostly office politics". India Today. Retrieved 12 May 2019.
  16. ^ a b Burton, Winston (25 October 2018). "Google Plus: Past, Present & Future". Search Engine Journal.
  17. ^ "Expediting changes to Google+". Google. 10 December 2018. Retrieved 12 May 2019.
  18. ^ McMillan, Douglas MacMillan and Robert (2018-10-08). "Google Exposed User Data, Feared Repercussions of Disclosing to Public". Wall Street Journal. ISSN 0099-9660. Retrieved 2021-12-05.
  19. ^ Smith, Ben (8 October 2018). "Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+". Google Blog. Retrieved 12 May 2019.
  20. ^ "Frequently asked questions about the Google+ shutdown - Google+ Help". support.google.com. Retrieved 12 May 2019.
  21. ^ Nelson, Alex (7 February 2019). "Google+ shutdown: how to back up photos and data before your account closes". inews.co.uk. Retrieved 12 May 2019.
  22. ^ De Vynck, Gerrit; Nix, Naomi (9 October 2018). "Google Discloses Privacy Security Flaw Kept Quiet Since March". Bloomberg.
  23. ^ Aitken, Roger. "Alphabet 'In The Soup' Over Costs, But Analysts' Average Google Price Target $1,346". Forbes.
  24. ^ "Currents: Have Meaningful Discussions at Work | G Suite". gsuite.google.com. Retrieved 12 May 2019.
Retrieved from "https://en.wikipedia.org/w/index.php?title=2018_Google_data_breach&oldid=1236704305"