Google admits to potential Google+ data leak after getting caught

Google is shutting down its Google+ social community for shoppers after finding–and, for seven months, now not disclosing–a computer virus that may have uncovered personal data for up to 500,000 customers since 2015. The seek massive says this data is proscribed to static profile fields comparable to identify, e-mail deal with, age, gender, and profession, and does now not come with any Google+ posts or Google account data.

Although Google found out and patched the potential data leak in March 2018, the corporate to begin with opted now not to publicize it. The Wall Street Journal‘s Douglas MacMillan and Robert McMillan file that Google was once anxious about public belief and regulatory scrutiny, and that Google sought after to steer clear of comparisons with Facebook, which on the time was once coping with its personal data privateness scandal. (Google claims that it stored the computer virus secret as it discovered no proof of misuse, couldn’t determine affected customers, and couldn’t supply customers or builders with any plan of action.)

Shortly after the WSJ’s tale broke, Google introduced a suite of sweeping safety adjustments:

  • Google+ will close down for shoppers on the finish of subsequent August, giving customers time to obtain or switch their data. An endeavor model for inner corporate discussions will live to tell the tale.
  • Users who attach third-party apps with Google gets extra granular keep an eye on over what data will get shared. These adjustments will roll out over “the following few months.”
  • To mod down on potential misuse data, Google will handiest permit third-party Gmail apps that at once contain e-mail capability, comparable to e-mail shoppers, backup products and services, mail-merge products and services, and expense monitoring. Apps additionally gained’t be allowed to promote the data for advertising or advert concentrated on, and any human assessment of e-mail data will likely be “strictly restricted.” (An previous WSJ piece described how some Gmail apps have been permitting workers to learn customers’ emails and promote the data to entrepreneurs.) The adjustments practice to new Gmail apps right away, and to present ones early subsequent yr.
  • Google will restrict Android apps’ skill to get entry to SMS data, name logs, and contacts. Third-party SMS apps will nonetheless be allowed, however they are able to handiest get entry to this data if the consumer units the app as their default for textual content messaging.

Google says it all started reviewing developer get entry to at the beginning of this yr, so those new insurance policies may have arrived even with out the WSJ’s reporting. Now they only come off as injury keep an eye on.