This is a tough time to be a tech giant if this week’s headlines are any indication. On Monday, Google revealed in a blog post that Google Plus users had been attacked again last month when a software update contained a bug that affected a Google Plus API. Though Google found and fixed the bug within a week of its introduction, it had still impacted approximately 52.5 million users. Google said its is still investigating the exact impact, and it has started notifying consumer users of Google Plus as well as enterprise customers who were impacted.
According to the blog post, apps that asked for permission to view profile information in Google Plus profiles (e.g., name, email, address, occupation, age, etc.) were given access to users, even those whose profiles were set on the “not public” setting. Apps that could access profile data could also access the profile data shared with others, even when not shared publicly. Despite these concerning issues, Google said the bug did not give developers access to financial data, social security numbers, passwords or other data that is typically stolen for fraudulent purposes or identity theft.
|Customer Retention 2020:
5 Trends That Will Change Your Subscription Business
Change is coming for the subscription industry. Customer retention is a top priority while competition grows and customer expectations shift. Register now to understand the trends and discuss what companies should do to ensure success in 2020. This free webinar is April 2nd at 1 PM Eastern.
Google is trying to look at the bright side.
“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” said David Thacker, vice president of product management, G Suite in the December 10 post.
This news comes just two months after Google announced a data breach that exposed as many as 500,000 users. As a result of that breach and the difficulty in protecting user data through Google Plus APIs, Google said it would shut down Google Plus in August 2019. Because of this data breach, Google is accelerating the shutdown. It will sunset all Google Plus APIs over the next 90 days, and consumers will see Google Plus shut down in April 2019, rather than August 2019.
“We want to give users ample opportunity to transition off of consumer Google Plus, and over the coming months, we will continue to provide users with additional information, including ways they can safely and securely download and migrate their data,” said Thacker.
Enterprise customers are being handled differently. Though Google is contacting impacted customers, the company stresses that G Suite administrators control user apps and are responsible for vetting apps. They should only grant access to apps they’ve determined are trustworthy. While Google is shutting down the consumer version of Google Plus, it will continue to support in Google Plus enterprise.
“We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs. We will never stop our work to build privacy protections that work for everyone,” concluded Thacker.
The data breach is not the only reason to shut down the consumer version of Google Plus. In its blog post, Google admits that the platform had “low usage” among consumers.
In an unrelated story, Google CEO Sundar Pichai testified before the House Judiciary Committee this week on a range of issues, including alleged bias in Google search results, YouTube moderation policies and the company’s stance on developing a search product for the Chinese market, reports The Verge.
Google and Facebook have been taking a beating in the press and rightly so for everything from political views and treatment of employees to data breaches and privacy concerns. We’ll give Google credit for at least disclosing this data breach more quickly than the last one. The first data breach involving Google Plus was discovered in March but not disclosed until October. This one only took a few weeks to be revealed. It really boils down to transparency and trust. If you aren’t transparent with your customers, you’ll lose their trust. When you lose their trust, you will eventually lose your customers. It reminds me of the Voltaire quote, “With great power comes great responsibility.” Let’s see if Google takes that to heart.