UPDATED 20:53 EST / OCTOBER 08 2018

SECURITY

Consumer version of Google+ to be shut down following data exposure

Google LLC is shutting down the consumer version of its Facebook Inc. competitor Google+ after it was reported that the platform has been exposing user data for years.

Although many expected the little-used social networking service to go out with a whimper and not a bang,  the opposite has occurred.

The demise of Google+ started with an explosive allegation, first reported Monday by The Wall Street Journal, that Google was aware of a security vulnerability earlier this year with the service but chose not to reveal it because it feared regulatory scrutiny and reputation damage.

The vulnerability pertains to data access when users grant permission to third parties via the Google+ application programming interface. In this case, the names, email addresses, birth dates, profile photo and gender of up to 500,000 Google+ accounts are believed to have been exposed for a period of three years.

In shutting down Google+, Google confirmed that the vulnerability was real but strongly emphasized that it had found “no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”

Despite noting that it had fixed the vulnerability in March, Google said it had chosen to close down the consumer version of Google+ over the next 10 months, although it will maintain the enterprise version used by its G Suite business customers, at least for now.

“This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps,” Ben Smith, Google Fellow and vice president of engineering wrote. “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”

Discussion around the news relates to both the vulnerability itself and the fact that Google failed to disclose it until now, something that may be more damaging in the long term.

“This is a breach almost everyone can relate to, because everyone has a Google account and between emails, calendars, documents and other files, lots of people keep a ton of really valuable data in their Google account — so unauthorized access could be really damaging,” Brian Vecci, technical evangelist at Varonis Systems Ltd. told SiliconANGLE.

On top of that, he added, access to people’s primary email means access to their online lives. “Not only do you have their login, which is almost always their email, you have the ability to reset any password since password reset links are sent via email,” he said. “A Gmail breach could be the most damaging breach imaginable for the most number of people the longer it goes undetected. If Google knew about a potential breach and didn’t report it, that’s a huge red flag.”

Pravin Kothari, chief executive officer of CipherCloud Inc., said that Google’s failure to disclose the bug, if the allegation is true, is a recurring theme among tech companies.

“We saw recently that Uber was fined for failing to disclose the fact that they had a breach, and instead of disclosing, tried to sweep it under the rug,” he said. “It’s not surprising that companies that rely on user data are incented to avoid disclosing to the public that their data may have been compromised, which would impact consumer trust. These are the reasons that the government should and will continue to use in their inexorable march to a unified national data privacy omnibus regulation.”

On the broader ramifications, Kothari added that “enterprises leveraging cloud services need to ensure additional security measures and data is protected before it is delivered to a third-party cloud service. This is the only way we can ensure data is protected.”

Photo: jonrussell/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU