Google+ is one of the best social media platforms out there. Google revealed today a second bug in the Google+ API that could have been abused to steal the private data of nearly 52.5 million users. It also mentioned in the official blog of Google.
According to a Google spokesperson, the bug came to light following internal tests and was not exploited by any third-party, at least based on current evidence.
The vulnerable API in question is called “People: get”. It has been designed to let the software developers request basic information associated with a Google+ user profile.
However, software update in November introduced the bug in the Google+ People API that allowed apps to view users’ information even if a user profile was set to not-public.
Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced.
Google said, “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way”.
Google also assured the users that no passwords, national identification numbers, financial data, or any other sensitive data have not exposed by this API bug.
Google also said, “Our investigation is ongoing as to any potential impact to other Google+ APIs”.