In yet another instance of user data breaches on social media and networking platforms, it has been discovered that Google+ inadvertently exposed user data to outside developers, owing to glitches in the system, over the course of two years.
While the data of up to 500,000 users had been exposed, Google states that the leak was patched in March of 2018 and that no misuse of data has been detected. As a result of this fiasco, the consumer version of Google+ has been closed for good.
The data breach has resulted in a decline in shares of Alphabet Inc., Google’s parent company. Shares fell 1.5%, registering at $1150.75, as a direct result of this latest data breach in the recent history of American tech giants.
According to the Wall Street Journal, which cited private sources and internal documents, the breach at the Application Program Interface (API) level of Google+ was kept under wraps at Google owing to fears of increased regulatory scrutiny.
According to Google, the inadvertent exposure of user data was investigated to assess whether data had been misused, the type of data exposed, the need to inform Google+ users, and the associated actions to be taken by users and developers.
“None of these thresholds were met in this instance,” Google said. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
As per the European Union’s General Data Protection Regulation (GDPR), a breach of user data needs to be reported to a supervisory body within 72 hours of occurrence, not including breaches that do not threaten the rights to privacy and security of users.
Geoffrey Parker, an engineering professor at Ivy League college Dartmouth, said, “It seems like the downside risk of having a story that says they intentionally hid information about a major breach from users is bigger than the upside of avoiding scrutiny.”
“I wonder if there wasn’t more depth to the internal debate.”
Scrutiny by Regulatory Bodies
According to Google, the breach happened when Google+ was being revamped in 2015. This gave external developers access to Google+ user profile info such as name, address, email, occupation, age and gender. When discovered after 2 years, in 2018, the breach was fixed without external interference with user data.
According to the WSJ report, a memo circulated by Google’s policy and legal staff warned senior executives of the company that disclosing the breach would result in regulatory scrutiny similar to what Facebook and Twitter have faced.
Prior to this fiasco, Facebook was under fire for a data breach of 87 million users, a breach that was harnessed for misuse by Cambridge Analytica, President Trump’s political consulting firm for the 2016 US election. Facebook faced a decline in shares and multiple investigations in the US and Europe as a result of this breach.
Additionally, according to the WSJ report, Sundar Pichai, Chief Executive Officer of Google, was in on the plan not to inform users of the breach.
Google has also been under fire for failing to delegate a top-tier representative to the Sept 5th Senate Intelligence Committee hearing pertaining to counteractive efforts against foreign influence on domestic elections and political discourse.
Ivan Feinseth, analyst at Tigress Financial Partners, opined, “I think Google does have a public relationship issue and this now makes their lack of openness even worse.”
At this hearing, the Senate Intelligence Committee rejected the inclusion of Google’s top lawyer, and a chair remained vacant between Facebook’s Mark Zuckerberg and Twitter’s Jack Dorsey, indicative of Google’s absence.