A couple of weeks back we reported that Facebook was in the cross-hairs of regulators and litigants around the world as a result of its latest breach. Well, this week some of that unwanted attention turned from Facebook to rival Google.
Google+ Attains “Me Too” Status with Breach
Google+ was a failed Facebook “me too” attempt from Google that never worked well, never threatened Facebook for market share and, through its own security flaws, finally reached parity with or perhaps even bested Facebook at some level.
Should Have Shut it Down a Long Time Ago
The flaw, first brought to the public’s attention in an article on WSJ.com last week, would never have happened had Google parent company Alphabet, Inc. performed some product line pruning years ago. It’s been clear for years to even the most casual observer that Google+ was a flop and would never gain widespread acceptance or use.
Instead, Google found itself with a 500,000-user vulnerability that existed from 2015 until it was discovered earlier this year, and decided to try to cover it up instead of disclosing it, “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.” To their credit, Google fixed the breach immediately upon finding it; they just hoped no one would ever learn about its prior existence.
A Google internal review team discovered the API vulnerability, which impacted approximately 500,000 accounts. The flaw allowed the API to grant access to information on a user’s profile which hadn’t been marked as public. Google sources state that access was granted to information such as name, occupation and age. Phone numbers and other more personal information stored on your Google account remained safe. We can only hope that this is true, since all of your Google-related properties, from Gmail to contacts to AdWords and YouTube, are linked together.
The flaw, by today’s standards, seems rather benign, and spun correctly, Google might have come away smelling like the proverbial rose. Instead, by covering it up, they are drawing some serious heat from Congress.
- Senators John Thune, Roger Wicker, and Jerry Moran want answers. The trio sent a letter to Google CEO Sundar Pichai requesting information about the nature of the company’s response to the discovery of the glitch.
- Senator Chuck Grassley (R-Iowa) wrote directly to Google CEO Sundar Pichai on Friday. Grassley pressed on why Google had declined to participate in earlier Congressional hearings in April that focused on Facebook.
Social networks such as Google+ and Facebook pose a tremendous threat to the privacy of individuals and corporations who choose to use them. The use of a single Google login to access multiple properties means that the breach of a single system, in fact, represents the breach of potentially hundreds. Extreme caution with social media has always been advised, and this latest breach drives that home. While convenient, using shared credentials for access should be avoided as a security best practice.