Despite its slow agony (read Google+: a taboo of failure written here in July 2015), Google+ has so far persisted. Deserted by "just about everyone", it has remained for a handful of users (at the Google scale, it still represents a few million) a preferred destination to feed discussions of any kind taking advantage of the system "Circles", introduced by the Mountain View company, from its launch in 2011. Google has yet tried everything, including force users of YouTube to create an account to comment on videos. In vain…
It must be believed that this situation could have continued for years, as it seemed taboo to unplug the service. This Monday, we learn at the turn of a Wall Street Journal article that Google's social network has for more than 3 years at least one security breach that endanger the personal data of its users. It was discovered last March during an internal audit. She would now be responsible for the announced closure of the network, unless it is an excuse to (finally) stop costs.
Specifically, through the Google+ API, it was then possible for third-party services to interface with the network, including to connect. This was confirmed in a statement by Ben Smith, VP Engineering. Once discovered in March 2018, this flaw was corrected in the wake, without the users – or authorities for that matter – being warned. According to Google, no evidence has highlighted the exploitation of the flaw by malicious developers and a possible data leak.
In the United States, no law obliges companies in this situation to communicate the existence of a fault if it has not caused data leakage. "Not seen not caught".
In Europe, this has been mandatory since the entry into force of the GDPR. Failure to comply with them is tantamount to risking a very heavy financial fine …
Thus, for three years, third-party applications – no less than 438 according to Google – have been able to access personal information of hundreds of thousands of users. Their name and surname, email address, age, job, and gender are part of it. Their phone numbers and the content of messages posted privately on the network would be excluded.
Thus, the release explains not only the nature of the data released without control, but most importantly, announces the stop pure and simple of Google+, under 10 months. During this period, users will be able to export their data, after which the service will close for the general public.
Beyond the closure of its social network, Google announces the tightening of its API access conditions, in the manner of changes that Facebook has to operate following the scandal Cambridge Analytica.
So ends the social adventure of Google. An adventure that has never been successful. Google+ was quickly a failure. Like Google Wave, Google Buzz, or Google Lively. Who remembers?
Follow me on twitter :