Google+ bug exposes non-public profile data for 52 million users
Goof let developers see names, email addresses, and more, even when set to be nonpublic.
Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.
The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.
“The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” Monday’s post said. “No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.”