Important Information about Google+ APIs data breach

Cybersecurity Insiders has already reported about the Google+ data breach last year. And to prove the point further, here’s an email proof which the internet juggernaut is found mailing to its users in order to keep them informed about the cyber incident.

Dear Google User,

We are writing to inform you of a technical issue caused by a software update, which affected Google+ APIs (Application Programming Interfaces) between November 7th, 2018 PT and November 13th, 2018 PT when the issue was fixed. We have determined that the impact of this technical issue was limited to Google+ APIs that return profile information about users and resulted in two potential unintended effects:

    1. If you granted an app permission to view your profile information, such as name, email address, occupation, the app inadvertently was able to request and view more profile fields that you granted the app permission to view.

    2. If a person with whom you had shared profile information granted an app permission to view your public profile fields, that app was able to request and view your public profile fields, as intended, but inadvertently was also able to request and view any profile fields you had shared with that person, including profile fields that you had shared with that person but not shared publicly.

This issue was limited to profile fields and did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.

The issue was detected by our automated testing and fixed on November 13th, 2018 PT. We have no evidence that the app developers who inadvertently had this access for six days were aware of it or misused it in any way.

For your information, we are attaching a list of the affected fields and the corresponding app names (where available). For a list of all third-party apps you have granted access to your account, please review your security preferences – Third-party apps with account access.

Please note that this issue was discussed in the Google+ blog post dated December 10th, 2018.

We would like to sincerely apologize for any inconvenience this may have caused. If you have any questions please contact us via this .form


The Google Apps Team

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display