* But the search giant didn’t disclose the vulnerability because it feared regulatory scrutiny, according to a report by the Wall Street Journal.
A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday.
READ ALSO : 2019: Buhari vs Atiku: Archbishop Chukwuma Reveals The ‘Messiah’
Google said it found no evidence of data misuse. Still, as part of the response to the incident, Google is planning to shut down the social network permanently.
But the company did not disclose the vulnerability when it fixed it in March because the company didn’t want to invite regulatory scrutiny from lawmakers, according to a report Monday by the Wall Street Journal. Google CEO Sundar Pichai was briefed on the decision to not disclose the finding, after an internal committee had already decided the plan, the Journal said.
Google said it found the bug as part of an internal review called Project Strobe, an audit started earlier this year that examines access to user data from Google accounts by third party software developers. The bug gave apps access to information on a person’s Google+ profile that can be marked as private. That includes details like email addresses, gender, age, images, relationship statuses, places lived and occupations. Up to 438 applications on Google Plus had access to this API, though Google said they have no evidence any developers were aware of the vulnerability.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations,” Ben Smith, vice president of engineering, wrote in a blog post. “Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.”
The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices. Facebook brought the issue to the forefront in March after its Cambridge Analytica scandal, in which a UK-based digital consultancy harvested data on 87 million Facebook users without their permission.
Google has already recently drawn controversy over its data collection practices. In July, the company was criticized after reports that employees for a third-party email app could read our emails if we integrated those apps with our Gmail account. Google was hammered again a month later, when the Associated Press revealed the company was tracking users’ locations even after they’d turned off their phones’ location history setting.
READ ALSO : Buhari Shares N500m Among Poor People In Adamawa
Last month, Google Chief Privacy Officer Keith Enright — alongside representatives from other tech and telecom giants including Apple, Amazon and AT&T — testified before the Senate on privacy practices in Silicon Valley. Google CEO Sundar Pichai reportedly is expected to take the hot seat in another congressional hearing after the US midterm elections in November.
Google+ launched with much fanfare in 2011, positioned as the search giant’s answer to Facebook. But the social network never gained traction among consumers. Google eventually peeled away some of the services most popular features, including Hangout chats and its photo capabilities, into standalone apps. On Monday, Google said 90 percent of Google+ sessions today last less than five seconds.
The search giant said it will shut down Google+ over the next 10 months, to be completed by next August, to give people a chance to migrate their information and get used to the transition.
Specifically, the issue disclosed Monday came through one of the Google+ “People” APIs, a developer tool available to third-party app developers. Still, outside app makers were not supposed to have access to private profile information. The API was designed to only keep logs for two week periods. Even in that short amount of time, Google’s audit found that nearly half a million Google+ accounts could have been affected in just 14 days’ worth of analysis.
The company said that it often notifies users when there are security issues and flaws and user data is affected, but its privacy and data protection office said the bug did not meet the threshold. The office looks at what data was taken, what affected users need to be informed, if there was any evidence of data abuse, and whether or not users could effectively respond.
.cnet
Are you an artiste? Do you want your music to go viral and reacha large number of audience? Promote your music and Submit your story on Ujuayalogusblog.com by clicking here. For Advert Inquiries Tel/+44(0)7590363984 Subscribe to Ujuayalogusblog.com
For More: Visit Us at Uju Ayalogu's Blog
No comments:
Post a Comment