Irish data regulator seeks information from Google on security bug

Remigio Civitarese
Ottobre 11, 2018

Google on Monday said it has chose to shut down its social media network, Google+.

The Wall Street Journal reported earlier that Google opted not to disclose the security issue due to fears of regulatory scrutiny, citing unnamed sources and a memo prepared by Google's legal and policy staff for senior executives. Explaining this bug, Google said, "With this API, users can grant access to their Profile data, and the public Profile information of their friends to Google+ apps". But Google says it has no way of confirming these numbers or which users may have had their data exposed improperly.

"None of these thresholds were met here.", she said.

Alphabet shares fell 2.3 percent to $1,140 at 1:14 p.m.in NY, after earlier dropping to $1,136.50, the lowest intraday price since July 5.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused", Smith said.

Google has not been able to zero in on the users who have been affected, but claims that some 500,000 accounts, active between 2015 and 2018, were potentially affected.

The service will stay online for enterprise customers and business networks that use Google+ software.

Even if a third party did not exploit the security vulnerability identified by Google, the SEC probably would be interested in whether investors were properly notified about the risks and the incident, Stark said.

Google discovered and immediately patched this bug in March 2018.

Google+ API's log data is only for kept two weeks, so it can not confirm which users were impacted by this bug.

Google has declined to comment on why it held off reporting the breach.

But though Google is trying to downplay the significance of the incident, it's likely to have bigger repercussions for the company.

Google is shutting down its failed social network and authentication system Google+.

"If Google hadn't obtained consent from the users of Google+ to share their information with the software developers, then Google could well have problems with the FTC", said Vladeck.

At the same time, Smith has detailed a range of new privacy and security features, under the codename Project Strobe, including more granular permissions over data sharing inspired by its Android permission dialogues and limitations to the types of data particular applications can access on both desktop and mobile.

Play Store apps will no longer be allowed to access text message and call logs unless they are the default calling or texting app on a user's device or have an exception from Google.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE