Another information breach via a social media platform…this one was does not sound like it was a bad one (via Google+ back in November of 2018)…but this is becoming more and more common with social media platforms. Here is an email Google sent out:
Dear Google User,
We are writing to inform you of a technical issue caused by a software update, which affected Google+ APIs (Application Programming Interfaces) between November 7th, 2018 PT and November 13th, 2018 PT when the issue was fixed. We have determined that the impact of this technical issue was limited to Google+ APIs that return profile information about users and resulted in two potential unintended effects:
- If you granted an app permission to view your profile information, such as name, email address, occupation, the app inadvertently was able to request and view more profile fields than you granted the app permission to view.
- If a person with whom you had shared profile information granted an app permission to view your public profile fields, that app was able to request and view your public profile fields, as intended, but inadvertently was also able to request and view any profile fields you had shared with that person, including profile fields that you had shared with that person but not shared publicly.
This issue was limited to profile fields and did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
The issue was detected by our automated testing and fixed on November 13th 2018 PT. We have no evidence that the app developers who inadvertently had this access for six days were aware of it or misused it in any way.
For your information, we are attaching a list of the affected fields and the corresponding app names (where available). For a list of all third-party apps you have granted access to your account, please review your security preferences – Third-party apps with account access.
Please note that this issue was discussed in the Google+ blog post dated December 10th, 2018.
We would like to sincerely apologize for any inconvenience this may have caused. If you have any questions please contact us via this form.
The Google Apps Team
You should always consider the possible consequences when logging into a website using your social media credentials…Facebook, Google or any others. Creating individual usernames and password is annoying…but it is a much safer option.