Google+ suffers second data flaw, will be shut down early

Personal data of up to 52.5 million users was exposed by the security vulnerability

By Becky Cunningham, last updated Dec 11, 2018.

  1. Becky
    Google announced in October that they had begun the process of winding down their unpopular social media platform, Google+, following the discovery of a security flaw that exposed the data of up to 500,000 users. It has now been revealed that a further vulnerability has been discovered, exposing the personal data of 52.5 million users. As a result, Google is expediting the 'sunsetting' of Google+ by bringing the completion data forward from August 2019 to April 2019.

    According to the recent blog post by David Thacker, VP of Product Management for G Suite, they have "recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API" which was fixed within a week of it being introduced. He continues, that "no third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way." In addition, he announced that all Google+ APIs will be shut down within the next 90 days.

    sundar pichai.jpg
    Sundar Pichai, CEO of Google LLC

    The data exposed included users names, email address, age, and occupation, as well as other details saved to user profiles. Furthermore, the data was exposed even if the user had set their profile to private. The investigation is still ongoing, but it appears that "financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft" was not exposed.

    Google+ will still exist after April 2019, but it will only be available as a platform for businesses to use within their own organisations. It remains to be seen whether the repeated security flaws will deter these 'enterprise customers'.

    How do I delete my Google+ profile?
    Whilst Google have assured users that there is no evidence that personal data was accessed whilst the vulnerability existed, users are understandably concerned by the repeated flaws. If you have a Google+ profile and wish to delete your profile before April 2019, you can do so by logging in to your Google+ account (you can do this while logged in to Gmail by clicking on the squares at the top-right of the screen). Go to the Settings option on the left-hand menu, then scroll to the bottom of the page to see the Account section, in which you should see the option to 'Delete your Google+ profile'.