We are reader supported. External links may earn us a commission.


Second Google+ API vulnerability admitted, network shutdown sped up

By Jules Wang December 10, 2018, 5:50 pm

Google+, the longtime also-ran social media network, is closing before its initially promised August deadline.

In October, The Wall Street Journal had reported that a vulnerability in its developer APIs had allowed third-party apps to obtain personal details such as date of birth, email address and employer. Subsequently, Google announced for its own reasons — low usership or otherwise — that it would close in 10 months.

Today, Google has once again commented on its The Keyword blog, saying that it had found an API bug —separate from the bug the Journal was told about from sources — only last month. The bug had an estimated impact on 52.5 million accounts, but the company said it was confident that data was not abused.

The company patched the security hole within a week of its discovery. Since then, it has also decided to expedite the sunsetting of Google+ APIs, resulting in the consumer version of Google+’s shutdown coming in April 2019.

Google has consistently maintained that Google+ for enterprise would go on operating and that customers would be notified of who in their organization is affected by the bug.

Google is also due to shut down its Allo consumer chat app and the legacy version of Hangouts in favor of alternative solutions.

Correction: An earlier version of this article stated that Google had only admitted to the bug revealed in October. Pocketnow regrets the error.

Latest Articles