Better late than never is what Google may have thought after taking them almost two full months before starting to warn specific Google Plus users that were affected by the most recent API bug that resulted in profile data exposure. On December, Google disclosed a serious API bug that allowed external apps to gain access to profile data that were set by users as “non-public”. The estimated pool of affected users back then was set at 52.5 million, leading Google to the decision to sunset their social platform even earlier than they were initially planning to do so.
As shared by a Twitter user named “julishwa”, a selection of users have received notifications by Google, informing them of the specific information fields that were exposed to external apps, as well as which apps these are. While the API bug theoretically allowed these apps to access profile information such as names, email addresses, occupation, age, gender, nickname, birthday, etc., not many of the external apps took advantage of the security hole, as almost no one realized it before Google’s engineers. This is why the number of users who got actually affected and had their profile data accessed by 3rd party app developers is relatively low.
These users are now urged to review their security preferences and decide on the apps that are granted access to their account information. That is until March 2019, which is the date when Google will disable all API functionality, followed by the shutting down of the Google Plus social media platform for the consumers in April 2019. The product will continue from then on as an enterprise collaboration suite, although security issues like the above make this area an especially challenging for Google.
Are you still using the Google Plus social media platform? Would you trust the platform in an enterprise environment? Let us know in the comments section below, and don’t forget to share your thoughts with our online community as well, on the TechNadu Facebook and Twitter.