Google+ Bugs Exposed Private Profile Information

From Privacy Wiki
Jump to navigation Jump to search
Google+ Bugs Exposed Private Profile Information
Short Title Google+ Bugs Allowed Developers Access Private Profile Information
Location Global
Date 2018

Taxonomy Insecurity, Increased Accessibility
Information Communication, Identifying, Demographic, Contact, Professional
Threat Actors Google

Affected Google+ users
High Risk Groups
Secondary Consequences

In 2018 two major vulnerabilities were discovered on Google+, that exposed private profile data of many users. Google announced shutdown of Google+ because of that.


In 2018 Google announced that the Google+ platform had experienced a software bug between 2015 and 2018, which allowed app developers to access about 500.000 Google+ profile field information in an unintended manner. Insecurity

Later the company announced that an additional bug in a Google+ API, part of a November 7 software update, exposed user data from 52.5 million accounts. Google found the flaw, and corrected it by November 13. This means that app developers would have had improper user data access for six days. Google says it doesn't have any evidence that the data was misused during that time, or that Google+ was compromised by a third party.

The bug exposed Google+ profile data that a user hadn't made public—things like name, age, email address, and occupation—and some profile data shared privately between users that shouldn't have been accessible. Increased Accessibility

In 2020 there was a class action lawsuit filed against Google in California. In June 2020 U.S. District Court for the Northern District of California granted preliminary approval of this class action Settlement.

In October 2018 Google announced that it would shut down Google+ in 2019 because of the vulnerabilities the company had discovered.

Risk Statistics

Laws and Regulations