Bug in Google+ API exposed personal data of 52.2 million users

Google announced this week that it would expedite the shutdown of the consumer version of Google+ after the company discovered that a freshly introduced bug in a Google+ API exposed personal information of up to 52.5 million users to app developers and third parties.

Earlier this year, Google initiated Project Strobe, an exercise that involved an in-depth review of all Google+ APIs to assess whether such APIs restricted developers to accessing only the data that consumers had authorised.

During its investigation, the company stumbled upon a bug-ridden Google+ People API that gave developers of as many as 438 applications access to customer data that users had never agreed to share. The exposed data included sensitive details such as names, email addresses, occupations, gender, and age of up to 500,000 Google+ users.

Following the discovery of the massive exposure of customer data, Google announced its decision to shut down the consumer version of Google+ by August 2019. The company stated that there were “significant challenges” in creating and maintaining a successful Google+ that met consumers’ expectations, and that the consumer version of Google+ had very little to show in terms of consumer engagement or usage, with 90 percent of Google+ user sessions lasting less than five seconds.