Google Plus has had another data leak — and the doomed social network service's scheduled date of execution has been moved up from next August to April 2019.
In a blog post today (Dec. 10), David Thacker, Google's vice president of product management for G Suite, announced that personal information pertaining to 52.5 million Google accounts was accidentally exposed for six days to third-party Google Plus apps. He added that to his knowledge, no bad guys noticed.
Exposed data included full names, dates of birth, email addresses, gender, relationship status, area of residence and employer or other associated organization. The first two items are two of the four essential pieces of data prized by identity thieves; the other two, Social Security/Social Insurance numbers and current street addresses, are thankfully not data that Google asks users for. (Most people with Gmail or other Google online services got Google Plus accounts, whether they asked for one or not.)
MORE: What to Do After a Data Breach
Google users can choose to make most of these data points public on their Google Plus pages, but can also restrict many of them to friends, friends of friends, or no one at all. The data leak was made possible when a Google Plus code change accidentally let third-party apps view data that users had restricted from public view.
"No third party compromised our systems," Thacker wrote, "and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way."
That's an improvement on the first Google Plus data leak, which was disclosed in October 2018 and did involve harvesting of the same types of data from the accounts of half a million Google users.
Because of this short window of exposure and the lack of evidence of compromise, we're not terribly worried that this data leak might harm anyone. But it does remind internet users that anything they put online may someday be publicly exposed.
As a result of this kerfuffle, Google Plus will be wound down in April 2019 rather than August 2019. (The exact date has not been disclosed.) Third-party apps will cease to work in Google Plus within 90 days, or early March 2019.
Best Identity Protection Services
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
Best Data Monitoring
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
During the audit of the code, called "Project Strobe" (Project Strobe), the company discovered an error in one of the API, which could lead to leakage of personal data from Google+ accounts. This error allowed other user-installed apps to access the Google+ API to read non-public information about their friends, such as name, age, gender, email address and place of work. No other data is affected by this vulnerability.
Therefore, I use the vpns both on mobile and on pc to protect my network and encrypt sensitive data.
A VPN wouldn't have made any difference in this case. The Google Plus website has always used HTTPS, and your communications with it have always been encrypted end-to-end. The leak occurred within the Google Plus environment, with internal processes talking to each other; VPNs would not affect those internal processes.
Your link advertises free VPN services. We do not advise that anyone use free VPN services, ever.