Google Plus Data Breach: The Fall of Google Plus
Table of Contents
- By David Lukic
- Published: Nov 10, 2020
- Last Updated: Mar 18, 2022
Software is far from perfect, and even industry giants like Google can fall prey to bugs that threaten security. In December of 2018, Google announced that a bug in their Google plus social network had allowed access to user’s personal details from 2015 until 2018. Upon discovering the bug, they fixed it, but for three years 500,000 user’s data was exposed. Google plus shut down when evidence of another bug occurred in November of 2018, exposing personal data for 52.5 million users. Google assured customers that no financial data was included or social security numbers, only profile data such as name, email, phone, occupation, age, gender, etc. Google responded to reports of the Google plus data breach with
“Our testing revealed that a Google plus API was not operating as intended. We fixed the bug promptly and began an investigation into the issue,”
Google also does not believe that the data was accessed by a third-party but has no way of knowing for sure.
When Was the Google Plus Breach?
The original Google Plus data breach took place during 2015 all the way through 2018 when a bug was discovered, allowing outside developers to view private profile details of other users even if they were set to private. The second Google Plus data breach occurred from November 7th to November 13th, only six days, but plenty of time for cybercriminals to hack the data. The initial bug impacted about 500,000 users and the second 52.5 million.
How to Check if Your Data Was Breached By The Google Hack
Google identified all affected users and enterprise customers and notified them through the mail. They gave users the option of deleting their profile and all information before they pulled the plug on Google plus for good in August of 2019. If you did not receive a notification from Google, then you were not affected.
What to Do if Your Data Was Breached By The Google Plus Hack
Even the basic information stolen was enough to target users with phishing scams or trick you into providing the remaining data needed to steal your identity. Normally the first course of action would be to delete your Google plus account, but since Google shut it all down, that part is done. What you can do now is:
-
Carefully monitor your bank and credit card statements looking for fraud.
-
Be very cautious when opening emails. Look for suspicious language, poor grammar, and emails that want you to click a link to “verify your details” or open an attachment. If they sound scary or pushy, don’t do anything with them. They are most likely phishing scams.
-
Never give out your personal information to anyone you do not know.
-
Monitor your credit report and sign up for ongoing credit monitoring with a company like IDStrong.com.
Was Google Plus Hacked Because of the Bug?
The decision for Google plus shut down was most likely a tactic to remove any “immediate regulatory interest” in the company. Since Facebook’s Cambridge Analytica scandal, everyone is on edge and quick to lump all data breaches into the same category. As an effort to avoid this, Google decided to shut down the service, but not before the service experienced an even bigger issue. Through Project Strobe, an attempt to review all third-party developer apps and their access to Google services, Google identified the additional bug and quickly closed the gap. Although they are under close scrutiny, Google is not yet being investigated by the FTC.
Can The Google Plus Breach Cause Identity Theft?
Even the most basic information can lead a cybercriminal to enough data to hack your identity. When names and email addresses are stolen from companies like Google, they can be matched with other data breach information on the dark web. Perpetrators sell volumes of data every day to cybercriminals looking to steal your identity and open lines of credit or hack into your computer and hold it ransom.
How to Protect Yourself Online
Most of us use social media sites, and we tend to trust big-name companies like Google. However, no one is really safe online. When you put your information out there, it can be accessed no matter how good the security of the platform.
Some things to do to stay safe are:
-
Install good antivirus software on your computer and run deep scans often.
-
Watch out for phishing emails or other scams.
-
Never click a link or download attachments in email.
-
Don’t give out your personal details online unless you accept the dangers of them possibly being breached.
- Constantly monitor your credit report, bank statements, and credit card charges looking for suspicious activity.