Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network 4 months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.
“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” Google said.
Google said it discovered another critical security vulnerability in one of Google+’s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age.
The vulnerable API in question is called “People: get”. It has been designed to let developers request basic information associated with a user profile.
However, software update in November introduced the bug in the Google+ People API that allowed apps to view users’ information even if a user profile was set to private.