Google revealed on Monday that it has decided to push forward the shutdown of its Google Plus social network after detecting an API bug that exposed details of 52m users, according to a recent blog post.
The major breach comes two months after the company discovered a bug that exposed the data of 500,000 users in October. The API bug forced Google to announce the closure of Google Plus for August 2019.
However, after discovering a new bug in Google Plus software, the company said Google Plus platform will now officially end in April 2019. Google said they found the defect and fixed it by November 13th.
Though user’s data was left vulnerable for a total of six days, Google said there was “no evidence of user’s data being misused”.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google Plus APIs; this will occur within the next 90 days,” David Thacker, Google’s vice president of project management, wrote in the blog post.
“In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognise there are implications for developers, we want to ensure the protection of our users.”
In the blog post, Google Vice president of product management, David Thacker, said they found the API bug during a routine test of their latest software update that was released in November.
“We understand that our ability to build reliable products that protect your data drives user trust,” Thacker wrote. “We have always taken this seriously, and we continue to invest in our privacy programs.”
Security improvements after API bug
In the wake of Google’s latest data breach, Paul Farrington, director EMEA Solution Architects at Veracode, calls for consistency in security and app performance scans: “Hackers are increasingly taking advantage of vulnerabilities in web and software applications and businesses are making their life very easy, with our recent research revealing that more than 85% of applications have at least one vulnerability when first scanned.”
“Security needs to become a top priority for business leaders on 2019 and built earlier into the development lifecycle,” he added.
He also noted businesses that practice good DevSecOps hygiene “will reap the benefits of secure data for consumers and citizens alike. By testing for vulnerabilities in web and software applications early, security teams can eradicate flaws akin to the one seen in Google Plus’ system rapidly before any personal and financial data is left open to cybercriminals”.
He concluded: “In this instance, Google has been lucky that no customer data has been compromised by hackers exploiting the flaw in their website, which originated from a vulnerability in an API. However, with the reputational and financial damage caused by data breaches, organisations cannot afford to take the risk.”