New Google Plus Leak Hits 52 Million, Service Will Shut Down Sooner
Google Plus accidentally let third-party apps view private information, such as dates of birth, and will shut down four months earlier.
Google Plus has had another data leak — and the doomed social network service's scheduled date of execution has been moved up from next August to April 2019.
In a blog post today (Dec. 10), David Thacker, Google's vice president of product management for G Suite, announced that personal information pertaining to 52.5 million Google accounts was accidentally exposed for six days to third-party Google Plus apps. He added that to his knowledge, no bad guys noticed.
Exposed data included full names, dates of birth, email addresses, gender, relationship status, area of residence and employer or other associated organization. The first two items are two of the four essential pieces of data prized by identity thieves; the other two, Social Security/Social Insurance numbers and current street addresses, are thankfully not data that Google asks users for. (Most people with Gmail or other Google online services got Google Plus accounts, whether they asked for one or not.)
MORE: What to Do After a Data Breach
Google users can choose to make most of these data points public on their Google Plus pages, but can also restrict many of them to friends, friends of friends, or no one at all. The data leak was made possible when a Google Plus code change accidentally let third-party apps view data that users had restricted from public view.
"No third party compromised our systems," Thacker wrote, "and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way."
That's an improvement on the first Google Plus data leak, which was disclosed in October 2018 and did involve harvesting of the same types of data from the accounts of half a million Google users.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Because of this short window of exposure and the lack of evidence of compromise, we're not terribly worried that this data leak might harm anyone. But it does remind internet users that anything they put online may someday be publicly exposed.
As a result of this kerfuffle, Google Plus will be wound down in April 2019 rather than August 2019. (The exact date has not been disclosed.) Third-party apps will cease to work in Google Plus within 90 days, or early March 2019.
Best Identity Protection Services
Best Overall
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
Best Data Monitoring
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Best Tools
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.