Google has reported on data breach of 52 million users of Google+ social network. The statement was published in the official blog of the company on Monday.
Google warned that a buggy API update introduced in November to its social network exposed personal information for 52.2 million users. The corporation discovered a software bug that allowed third-party developers to gain access to personal user data. It took about a week to fix the problem.
The security alert arrives just two months after Google belatedly admitted that data from an estimated 500,000 accounts had been exposed in March, due to a problem with the same API. But Google only revealed that data exposure in October, following inquiries from the Wall Street Journal (see: Google Forced to Reveal Exposure of Private Data).
But Google’s quick notification shows it may have learned a lesson after its experience with the first exposure involving Google+, says Stephan Chenette, CTO of security vendor AttackIQ, which develops a threat-monitoring platform.
“Companies with repeated security incidents tend to lose even more public trust as it demonstrates a failure to learn from previous mistakes,” Chenette says. “However, compared to Google’s last breach, the company disclosed this bug much sooner and is trying to be more transparent.”
It is noted that third-party applications could request the names and age of users, type of activity, e-mail address. At the same time, Google stressed that they did not find evidence of unfair use of this information. The company decided to shutdown Google+ four months earlier than originally planned — in April 2019.