Google+ shut down after a breach involving 5 lakh user data
First it was Facebook that had come under the scrutiny for harvesting personal data and now it is Google. A bug that was present in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.
The company however chose not to disclose the data leak, perhaps to avoid a similar scenario of being dragged in front of the US Congress as faced by Mark Zuckerberg a few months back and also to aver any kind of public relations headache.
Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.
Shortly after the story was published by the Wall Street Journal, Google announced that it will bar consumer access to Google+ to improve privacy protections for third-party applications.
The data leak has presumably affected up to 500,000 accounts, as was disclosed by Google in a blog post about the shutdown. Close to 438 different third-party applications may have had access to private information due to the bug, but Google apparently has no way of knowing whether they did because it only maintains logs of API use for two weeks.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blogpost.
Smith defended the decision not to disclose the leak, by writing: “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”
It is true that there are no federal law that makes it obligatory for Google to disclose data leaks, but laws at a state level certainly do. For instance, in California, where Google is headquartered, companies are only required to disclose a data leak if it includes both an individual’s name and their Social Security number, ID card or driver’s license number, license plate, medical information or health insurance information.
Though Google has now announced a series of reforms to its privacy policies, the leak brings to light the fact that there is an urgent need for more regulatory oversight for large technology platforms.
It is also surprising that Google tried to keep the leak out of the public eye.
Jeff Hauser, from the Centre for Economic and Policy Research stated that “Monopolistic internet platforms like Google and Facebook are probably ‘too big to secure’ and are certainly ‘too big to trust’ blindly,” and argued that the US Federal Trade Commission should move toward “breaking these platforms up”.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.