New Google Plus Leak Hits 52 Million, Service Will Shut Down Sooner

Senior editor, security and privacy
Updated

Google Plus has had another data leak — and the doomed social network service's scheduled date of execution has been moved up from next August to April 2019.

Credit: Twin Design/ShutterstockCredit: Twin Design/Shutterstock

In a blog post today (Dec. 10), David Thacker, Google's vice president of product management for G Suite, announced that personal information pertaining to 52.5 million Google accounts was accidentally exposed for six days to third-party Google Plus apps. He added that to his knowledge, no bad guys noticed.

Exposed data included full names, dates of birth, email addresses, gender, relationship status, area of residence and employer or other associated organization. The first two items are two of the four essential pieces of data prized by identity thieves; the other two, Social Security/Social Insurance numbers and current street addresses, are thankfully not data that Google asks users for. (Most people with Gmail or other Google online services got Google Plus accounts, whether they asked for one or not.)

MORE: What to Do After a Data Breach

Google users can choose to make most of these data points public on their Google Plus pages, but can also restrict many of them to friends, friends of friends, or no one at all. The data leak was made possible when a Google Plus code change accidentally let third-party apps view data that users had restricted from public view.

"No third party compromised our systems," Thacker wrote, "and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way."

That's an improvement on the first Google Plus data leak, which was disclosed in October 2018 and did involve harvesting of the same types of data from the accounts of half a million Google users.

Because of this short window of exposure and the lack of evidence of compromise, we're not terribly worried that this data leak might harm anyone. But it does remind internet users that anything they put online may someday be publicly exposed.

As a result of this kerfuffle, Google Plus will be wound down in April 2019 rather than August 2019. (The exact date has not been disclosed.) Third-party apps will cease to work in Google Plus within 90 days, or early March 2019.

Best Identity Protection Services