A flaw in Google+'s computer code has made personal data of 52.5 million social network users vulnerable, Google announced on Monday (December 10th). The company says it has not found any indication that the flaw was used. As a result of this discovery, the social network shutdown date, announced in October because of a similar loophole, was advanced in April 2019. Google+ was originally scheduled to close in August.
A fault open for seven days
This new security vulnerability was not discovered due to hacking, but an error made by Google developers. The latter realized that they had introduced a defect in the programming interface (or API, for application programming interface, in English) from Google+ – an IT mechanism that allows external application developers to engage with Google+ services and retrieve some data.
This flaw lasted only six days: Introduced Nov. 7 with a Google+ API update, it was corrected Nov. 13, according to Google. Data that was available during this time included name, email address, occupation, and age, even when Google+ users chose to keep this information confidential.
The large number of people involved is explained by the fact that a large portion of Internet users with a Google account (Gmail for example) has a Google+ account.
The CEO of Google, Sundar Pichai, must precisely be heard, Tuesday, December 11, by the US House of Representatives, who could ask him for explanations on this new disappointment in personal data.