Skip to content
Link copied to clipboard

Google reveals new security bug affecting more than 52 million users

Google revealed Monday that its soon-to-be-shuttered social network suffered from another security lapse.

FILE- In this Wednesday, June 27, 2012, file photo, Vic Gundotra, Google Senior Vice President of Engineering, talks about Google Plus at the Google I/O conference in San Francisco.  Google is phasing out its "iGoogle" service that allows millions of people to personalize its home page with applications such as weather updates and stock quotes.
FILE- In this Wednesday, June 27, 2012, file photo, Vic Gundotra, Google Senior Vice President of Engineering, talks about Google Plus at the Google I/O conference in San Francisco. Google is phasing out its "iGoogle" service that allows millions of people to personalize its home page with applications such as weather updates and stock quotes.Read more / AP

Google disclosed Monday that its soon-to-be-shuttered social network suffered from another security lapse, a software bug that could have allowed third-party apps and developers to gain access to 52 million users' personal information without their permission.

For six days in November, an update to the underlying code of Google+ meant that apps seeking to access users' profile information — including their names, email addresses, occupations, and ages — could view that data even if it was “set to not-public,” Google said in a blog post. Apps could have accessed some nonpublic profile data that had been shared with a user as well.

Google said that its systems had not been compromised and that there's "no evidence that app developers" were aware of the bug or "misused it in any way." But the revelation threatens to sharpen the scrutiny of the company's chief executive, Sundar Pichai, when he testifies to Congress on Tuesday.

The security mishap is the latest stumble for Google’s problematic social media offering. In October, Google admitted it had failed for six months to disclose information about a bug that put at risk the data of hundreds of thousands of users.

Among those looped into those discussions about delaying public notification was Pichai, a person familiar with the matter said at the time. Google said it delayed the release of the information because it was initially uncertain about which users were affected or that the data had been misused.

In response to its latest findings, Google said Monday that it would shutter its social network in April 2019, five months sooner than it initially announced. The company also said it would inform affected users, including "any enterprise customers."

“We understand that our ability to build reliable products that protect your data drives user trust,” wrote David Thacker, a vice president for product management at Google. “We will never stop our work to build privacy protections that work for everyone.”

Google discovered its earlier Google+ security bug in March, the same month that Silicon Valley rival Facebook was facing scrutiny over its role in allowing people affiliated with political consultancy Cambridge Analytica to collect data on 87 million users. That episode prompted demands that Facebook chief executive Mark Zuckerberg testify on Capitol Hill, which he soon did.

The Federal Trade Commission has investigated privacy issues at Google and other leading technology companies on several occasions. Google signed a consent decree with the FTC in 2011 to settle allegations that an earlier social media platform, Google Buzz, mishandled user data.