50 million people 's risk of personal information leakage There is a bug that Google + will bring the closing time to April 2019 ahead of schedule

Google+, which had already announced the termination of service, will be shut down in April 2019 four months earlier than planned. About 52.5 million Google+ users may have been affected, according to Google, due to a security risk that privately-set personal information is leaked.

Expediting changes to Google+

When announcing the end of the Google+ service in October 2018, along with the reason "The use of the service is sluggish", Google released a "bug where personal information of secret setting of a maximum of 500,000 users is released I found it. "

Another 500,000 people leaked out of Google+ is due to service termination, another reason is pointed out due to poor use - GIGAZINE

According to Google, when updating in November 2018, we found a vulnerability in Google+ API that risks the leakage of new personal information of more than 52.5 million users. Due to a bug in this software, even if the user's name, e-mail address, occupation, and age are set to "non-disclosure", it seems that they were in a state that they could be accessed from third-party applications. In addition, it is said that the process of informing the user about the possibility of being influenced is in progress from the Google side.

The API with this vulnerability was discovered on 7th November 2018 and the vulnerability was fixed on 13th November and it was said that the vulnerability was exploited to obtain information by third party applications during that period Google says there is no evidence.

In response to the discovery of a new vulnerability, in order to make Google's API shutdown faster, we changed the timing of the Google+ service to 4 months ahead of the original schedule and changed it in April 2019. For Google+ users, we will offer the opportunity to download data safely and transfer it to another service over the next few months.

in Web Service,   Security, Posted by darkhorse_log