Google+ bug impacting 52.5M users announced day before CEO testifies in Congress
Just one day before Google CEO Sundar Pichai is to testify before Congress, Google announces it is expediting the end of Google+ to occur within the next 90 days after a second bug is discovered that impacted 52.5 million users.
With Pichai about to be grilled before Congress for a hearing called “Transparency & Accountability: Examining Google and its Data Collection, Use and Filtering Practices,” Google announced it discovered a second bug on Google+ affecting millions of users.
“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API,” the Google blog reads.
When Google says, “some users,” it means, “We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.”
However, the company stated, “We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced.”
In October Google announced it was shutting down the consumer-facing part of Google+ after nearly 500,000 “users’ full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status were potentially exposed,” according to TechCrunch.
US Senator Richard Blumenthal then penned a letter urging the FTC “to immediately open an investigation into Google’s exposure of private information from Google+ users and this alleged concealment in its handling of consumer data.”
With the recent bug affecting over 50 million users, “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” according to Google.
Google CEO Sundar Pichai to Testify in Congress
On Tuesday Pichai will testify at a hearing in Congress. According to AOL.com, “That hearing will require transparency about things the company prefers to keep opaque, starting with how it ranks search results, and Pichai is unlikely to appreciate that line of questioning.”
A major topic expected at the hearing will be concerning Google’s planned launch of Dragonfly in China. Employees at Google are concerned that their work on creating a censored version of the search engine in China, Dragonfly, would be used to enable “state surveillance” and oppression.
Last month, Google employees took to Medium to write a post called, “We are Google employees. Google must drop Dragonfly.”
“Our opposition to Dragonfly is not about China: we object to technologies that aid the powerful in oppressing the vulnerable, wherever they may be,” the group called Google Employees Against Dragonfly highlighted.
According to The Verge, ” In September, Pichai traveled to Washington, DC to meet privately with Republican lawmakers over concerns involving algorithms and the company’s Dragonfly search engine project, but he has not formally sat before the panel for a public hearing.”
The Intercept previously reported, “Google built a prototype of a censored search engine for China that links users’ searches to their personal phone numbers, thus making it easier for the Chinese government to monitor people’s queries.”
“Google compiled a censorship blacklist that included terms such as ‘human rights,’ ‘student protest,’ and ‘Nobel Prize’ in Mandarin,” according to The Intercept.
According to Recode, Google has called the Dragonfly project “‘exploratory’ and framed it as being within initial phases of creation. Speaking at a conference in October, Pichai also defended the ethical merit of the project — saying that even with a censored product, Google could still ‘serve well over 99 percent’ of search queries.”
Google+ Bug Details
Google listed the following bullet points regarding the details of the latest bug:
- We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
- With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
- In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
- The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
- No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.