Google announced it will close the consumer version of Google+ before than originally planned due to the discovery of a new security flaw.
Google will close the consumer version of Google+ in April, four months earlier than planned. According to G Suite product management vice president David Thacker. the company will maintain only a version designed for businesses. Google will shut down the Application programming interface programs (APIs) used by developers to access Google+ data within 90 days, due to the discovery of a bug.
“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API.” wrote David Thacker.
“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
The new flaw was introduced with a software update in November and it was discovered during routine testing and quickly fixed by the experts of the company.
Thacker pointed out that the protection of Google users is a priority for the firm and for this reason all Google+ APIs will be shut-down soon.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs,” Thacker said.
“While we recognize there are implications for developers, we want to ensure the protection of our users.”
According to Google, the vulnerability affected approximately 52.5 million users, allowing applications to see profile information such as name, occupation, age, and email address even if access was set to private.
Google initially announced plans to shut down Google+ after discovered a bug that exposed private data in as many as 500,000 accounts
At the time, there was no evidence that developers had taken advantage of the flaw.
Google is in the process of notifying any enterprise customers that were impacted by this flaw.
“A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered.” concludes Thacker.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.