Google+ bug exposes non-public profile data for 52 million users

Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic. The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post.

During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.

Google said it was in the process of notifying consumer users who were affected. The post also said that Google is notifying affected enterprise customers by contacting administrators and sending them a list of affected users. Monday’s post didn’t say how many of the affected users were consumers versus enterprise customers.

Source: arstechnica.com