قالب وردپرس درنا توس
Home / Technology / What we know about the Google+ security bug and the company's decision to keep it safe

What we know about the Google+ security bug and the company's decision to keep it safe



Just one week after the news showed that a Facebook data breach had left at least 50 million accounts vulnerable, the internet giant announced Google a major security breach by itself. It said that a software smoothing had revealed private information about about 5,00,000 users from its social networking platform Google+. This contained details about users such as email addresses and names, as well as birth dates and sex.

A report in the Wall Street Journal Wall Street Journal referring to Google's internal documents said the security defect was discovered by the company in March but it decided to keep the information private and feared that the violation would lead to regulatory measures and damage to his reputation.

Here's a basic security vulnerability, why Google's trust is more than security, and why Alphabet, Google's parent company, decided to turn down Google+.

What do we know?

Wall Street Journal Wall Street Journal reports that Google had exposed user data and then chose not to reveal the case was published Monday, October 8th. Shortly after the report was published, the company owned. The internet giant said that Google+ had security nuts that are hard to fix and this had prompted to shut down their social networking community.

The loop that led to exposure to private data was found in the Google Apps Application Program Interface. APIs, as they are known, are a defined procedure for programmers to access public data from applications and websites. Google found the error while conducting an internal audit ̵

1; called Project Strobe – which aims to determine how much of Google's public data third-party applications or developers will have access to. In March, Google discovered that an error in Google+ was revealing a variety of information to developers. The information that was exposed was from March 2015 to March 2018 and included usernames, email addresses, date of birth, gender, profile photos, places of residence, occupation, and relationship status, according to the report WSJ .

If the data was abused, Ben Smith, Google's CEO, said in a blog post that the company had found no "proof" that developers were aware of the error and that no user data was "abused".

Was there a breach of trust?

In its report, the Wall Street Journal cited an internal document where Google officials acknowledge the security defect internally but chose not to publish it. This decision gained more attention than data exposure since it was viewed as a violation of the user's trust. This is especially because new rules in the company's home state California require a security deadline. The new changes in the state act, adopted in June, a few months after the Cambridge Analytica data harvest scandal hit Facebook , mandated mandate to increase "transparency in computer practice."

The report WSJ indicates that Google chose not to make a public statement about data vulnerability and fear of a setback in terms of further regulatory control. Also concerned that Google's CEO Sundar Pichai was summoned to the US Congress to be questioned about he

The report WSJ said that Google's internal note acknowledged that disclosure would lead to "we came to the spotlight next to or even instead of Facebook despite living underneath radar through the entire Cambridge Analytica scandal ». The note added that the error "almost guarantees that Sundar will testify before the congress."

Many people have questioned Google's decision not to be public about the error.

"You get out of front of these things," said Joseph Moreno, a former federal prosecutor, who now monitors cybersecurity issues at the international law firm Cadwalader, Wickersham & Taft, BusinessInsider reported. He added that the worst in this situation would have been for Google to shut down the break or pretend it did not happen.

The incident also received attention from international regulators. In Ireland, Ireland's Data Protection Regulator said that it would ask Google for more information about the security process, according to Reuters . The Data Protection Commissioner in Hamburg, Germany, has also launched a survey to retrieve more information about the data security bug.

Does the breach affect India?

According to a report by the analysis company ComScore India has the largest user base in Google+ after the United States.

"Google+ has a high user base in India, so it's almost certain that the error has exposed private information from Indian users," said Arun Mohan Sukumar, head of Observer Research Foundation's Cyber ​​Security and Internet Governance Initiative. "The breach is remarkable for the extent, although the information that is exposed by itself can not be valuable."

Due to Google's privacy policy, Google was unable to disclose personal information about the compromised accounts and did not inform any of its users of data exposure.

"We are very concerned about reports of the reasons why Google chose not to report the incident to users," said Raman Jit Singh Chima, Director of Access Now, an international nonprofit lawyer group. "Avoiding regulatory control or policy makers is not a legitimate reason why web companies can deny users information about vulnerabilities and potential privacy violations."

Attempted to answer the mistake of the Department of Electronics and Information Technology failed. From Wednesday, no request was made by the Indian authorities in the matter. Earlier events, such as the Cambridge Analytica case, led to inquiries that are still ongoing.

Why the Alphabet decided to close Google +?

Google + was released about seven years ago. It had a good start, with almost 111 million active users, but could not hold interest for a long time, and lost to other social media such as Facebook and Twitter. A Google+ user survey indicated that only 9% of the two billion profiles on the Google+ platform have publicly published content, as mentioned in Dailydot, a digital media company.

"It has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps," Ben Smith said in his blog post.


Source link