Latest Google+ flaw leads Chocolate Factory to shut down site early
52.5 million accounts at risk, tens of people are worried
Google says it will be speeding up the dismantling of its Google+ social network following the discovery of a new security bug that affected 52.5 million users.
The Chocolate Factory maintains that it has no evidence that the vulnerability, which was found in the API for Google+, was ever actively exploited. According to Google's G-Suite VP of product management David Thacker, over a six-day period in November developers would have been able to access profile information that users had not made public.
Google said the vulnerability shows up when the user allows an app to connect with their Google+ profile. Rather than only see information the user had opted to share, the application would have been able to see all data about the user.
"We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced," Thacker said.
"No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way."
Google: I don't know why you say Allo, I say goodbyeREAD MORE
Still, while Thacker insists there is no evidence the bug was ever exploited, Google did say the exposure is serious enough to warrant moving the timeline for sunsetting Google+ forward by several months.
"With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days," Thacker told users.
"In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users."
At this point, Google may be happy just to be rid of its ill-fated social network after years of trying in vain to push Google+ as a viable alternative to Facebook. Following a previous leak, Google said it would be killing off Google+. After this latest security foul-up, the Mountain View ads giant no doubt will be glad to see the end of the service once and for all. ®