NEW YORK — The social network of Google, Google+, has been affected by a vulnerability that exposed the personal data of half a million accounts, said on Monday the internet giant, while announcing measures to protect the information of the internet users.
In march, during an audit of internal security –dubbed Project Strobe– Google+, which are automatically registered in the people with a gmail address, the group of Mountain View (California) has discovered a vulnerability that he had “immediately” stopped.
The names of the owners of 500 000 accounts, their email address, their profession, their gender and their age are the main data to which third parties may have access, ensures Google in a blog post.
Data posted by users, such as messages, information on the Google account or phone numbers, could not be seen or viewed, adds Google, suggesting, however, that he could not identify with certainty the users affected by the flaw, nor their location.
Up to 438 applications would have been able to take advantage of this vulnerability, which has existed from 2015 to the beginning of march 2018.
The application developers were not aware of the flaw, says the company, and would not, therefore, served data, exposed: “We have not found evidence to show that the data have been used inappropriately.”
Google does not say if this security flaw is due to an hacking and does not give the reasons why he waited several months to make public this information.
According to the Wall Street Journal, the leaders of the group feared they would attract the attention of regulators, and feared the same treatment as that reserved for Facebook following the scandal Cambridge Analytica. This british company is accused of having collected and used without their consent, the personal data of users of the social network american, for political purposes.
“Every time data of a user are assigned, we do more than what we demand of the law and apply several criteria to determine if we need to notify”, responded to the AFP a spokesperson of Google.
In the present case, the reasons for the silence of the company are the nature of the information disclosed, the absence of inappropriate use of the data exposed and the fact that it was not possible to determine with precision which users inform, ” says the group.
Google+, which boasts millions of users, is primarily used by professionals focusing on topics that are very specific and can see the updates of their contacts via “circles”.
These are in fact groups of contacts created by the user according to the criteria of his choice –interest, categories of customers, relationships,…– and within which it is possible to decide the content that will be shared.
It is also possible to create communities in which the participants can exchange, interact and share information on specific topics, while the dialog system video (Google Hangout) allows you to hold conference calls.
Available in Web version and mobile app, Google+ has been adopted very quickly by businesses, but Google claims to have found a great inactivity in individuals, which will lead to the arrest of this version to the general public.
The internet giant wants to turn quickly this page embarrassing the flaw, with new measures to allow users to have better control of their data.
Application developers will no longer have access to data related to SMS messages sent or received by phones running the Android operating system, incoming calls, and will have their access to the address book of the users limited.
A user will also receive now an individual request for access to data of different Google services to which it has recourse. For example, it might choose to allow access to the information contained in its schedule and refuse the use of those stored in gmail.
These measures are effective, according to Google, this month for new users and early 2019 for the former.