Another reason is pointed out that Google+ which leaked 500 thousand users' information leaks the service, due to poor utilization

It was revealed that SNS "Google+" which leaked about 500,000 user information will end the service. The service termination is "The use of the service is weak" and it is said to be a reason for slumping for a long time, but it is pointed out that bigger privacy concerns are held by Google.

Project Strobe: Protecting your data, improving third-party APIs, and sunsetting consumer Google+

In Google+, there is a bug in "Google People API", not only user data that is permitted to be released, but also privately-set user data is also vulnerable to accessing third party applications, We acknowledged on the official blog that 500,000 non-public information of Google+ users leaked.

The problem was when the leak of information came out, according to Google, "The bug was discovered in March of 2018 and it was fixed immediately." At that time, Google did not disclose the possibility of Google+ user information leakage. The information that may have been affected is name, email address, date of birth, sex, and communication data such as telephone number and message contents are not included. According to Google, there are a maximum of 438 applications using the API, and it says that API log data retention period is two weeks, so we can not identify bug affected users.

In the wake of suspicion of information leaks, we announced that we will terminate the Google+ service for consumers. In addition, it is said that the complete closure of services will be at the end of August 2019 so that users can respond such as data migration.

Wall Street Journal (WSJ) reports that termination of Google + has bigger privacy concerns against Google, which states that the service usage situation is weak.

Google Exposed User Data, Feared Repercussions of Disclosing to Public - WSJ

According to WSJ's internal Google document, "Google knew that there was a possibility that user information leaked, but decided not to disclose that." The reason is that it is Facebook's problem that the privacy problem was largely picked up by the problem of information leakage by Cambridge Analytica. If we disclose the possibility of information leakage, it is certain that there is a strict pursuit from the regulatory authority, and we are concerned about becoming a Facebook dance. Furthermore, WSJ says that Thunder Pichai CEO was explained about the decision to not disclose information.

There seems to be some opinion that the problem should be publicly disclosed inside Google, but it seems that it was finally decided that a private decision was made from the legal theory that "Google is not legally required to disclose the privacy issue" is. Unlike the EU countries where GDPR was enforced, although there are no federal laws in the United States that set out "the obligation to notify users of potential data breaches that enterprises suffer", we are at risk of having a class action lawsuit I will.

in Web Service,   Security, Posted by darkhorse_log