{"id":4086,"date":"2018-12-11T11:39:09","date_gmt":"2018-12-11T15:39:09","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4086"},"modified":"2018-12-11T11:39:09","modified_gmt":"2018-12-11T15:39:09","slug":"key-findings-second-google-plus-data-exposure","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/","title":{"rendered":"Key Findings: The Second Google Plus Data Exposure"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1374\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg\" alt=\"Key Findings: The Second Google Plus Data Exposure\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280-300x131.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280-768x336.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280-600x263.jpg 600w, https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280-180x79.jpg 180w, https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In early October of this year, Google announced their long-beleaguered social media platform <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/google-reveals-google-data-breach-coverup-upcoming-shutdown\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Google Plus (stylized Google+) suffered a data breach<\/span><\/a><span style=\"font-weight: 400\">; a bug allowed third-parties access to private user data via an API, affecting as many as 500,000 users. <\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-and-access-management-vendor-map-of-the-best-solutions\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"IAM VendorMap\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/02\/IM_VM_SB_800.jpg\" alt=\"Download Link to IAM Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In the wake of the breach\u2014and the allegations of an initial cover-up\u2014Google announced they would be shutting down Google Plus for consumers in August 2019. Google Plus for enterprises would continue as normal. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, it seems Google\u2019s shutdown timeline may have been too generous. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yesterday, Google publicly disclosed Google Plus suffered a second personal data exposure, also resulting from an API bug. This time, the number of users affected could reach as many as 52.5 million individuals.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to Google\u2019s public statements, internal researchers discovered the bug through normal investigation processes; hackers did not exploit the bug prior to discovery. In the wake of these new revelations, Google announced their plans to accelerate the shutdown of Google+ for consumers. Google scheduled the shut down for April 2019. Google+ APIs for the consumer-version of the social media platform will be shut down within 90 days. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The API bug in question for the second Google+ data exposure allowed developers and apps to gain access to user profiles including information set to \u201cnot public.\u201d The personal data exposed included <\/span><span style=\"font-weight: 400\">names, ages, occupations, and email addresses. Google stressed the exposure did not affect financial information and passwords. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What does the second Google Plus data exposure mean for enterprise identity and access management? What lessons can enterprises take away from this highly scrutinized data exposure? <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Here are some of our conclusions<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>The Consequences of a Cover-Up<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">When the Wall Street Journal broke the story of the initial Google+ data breach, they reported internal memos encouraging the search engine giant cover up the breach to avoid regulatory attention. Google denied these, but the allegations haunt their current efforts to handle the wake of the second Google+ data exposure. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Google\u2019s reputation and brand image took a major hit following the first announcement, emphasizing the growing conversation about privacy, data usage, and the public responsibility of companies like Google and Facebook. Google CEO Sundar Pichai is scheduled to testify before Congress today on accountability; how this latest announcement will affect his testimony remains to be seen. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">One of the most important lessons any enterprise can learn from the second Google+ data exposure is never to try covering up a data breach. The long-term reputational damage isn\u2019t worth any short-term savings from avoiding regulatory scrutiny; it can affect your brand image and bottom line for years after the fact. Further, certain compliance mandates such as GDPR inflict harsher penalties on enterprises who fail to publicly disclose a breach in a timely manner after discovery. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Instead, your identity and access management platform should include a comprehensive incident response plan which includes informing compliance enforcers and the public. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The old saying goes \u201cthe cover-up is worse than the crime.\u201d The same is true of data breaches. Showing you take the breach seriously and that you care about your consumers\u2019 and employees\u2019 PII can go a long way in maintaining your brand reputation. \u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Secure Your APIs<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"> The second Google Plus data exposure shared plenty of similarities with its older counterpart. The API vulnerability at the heart of the issue proves the most significant. According to IAM and PAM solution provider <a href=\"https:\/\/solutionsreview.com\/identity-management\/ping-identity-releases-survey-on-the-perils-of-enterprise-apis\/\" target=\"_blank\" rel=\"noopener\">Ping Identity<\/a>, APIs remain a continual cybersecurity afterthought. 45% of IT security experts state they&#8217;re not sure if their enterprises are aware of all their APIs. 30% did not know if their enterprise had suffered a data breach or security event involving their APIs.\u00a0 \u00a0 <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This lack of visibility can cause massive security problems, as Google proves with their latest disclosure. In order to gain a better handling of APIs, enterprises should consider employing more advanced authentication systems. These can include token-based systems such as <a href=\"https:\/\/www.ubisecure.com\/about\/resources\/api-protection-security-oauth-sr\/?utm_source=Solutions%20Review&amp;utm_campaign=api%20protection%20security%20oauth\" target=\"_blank\" rel=\"noopener\">OAuth<\/a> or <a href=\"https:\/\/solutionsreview.com\/identity-management\/ping-identity-extending-identity-security\/\" target=\"_blank\" rel=\"noopener\">SAML<\/a>.\u00a0 It can also involve a granular consent model which can regulate the access applications and developers have in accessing user profiles.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Above all, the Google Plus data exposure should remind enterprises that vulnerabilities persist. Just changing your cybersecurity stance and attitude is only one half of the equation. You also need to adopt the IAM technology and solutions to protect the most exposed aspects of your network. Even the smallest issue can have massive consequences.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><br \/>Widget not in any sidebars<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In early October of this year, Google announced their long-beleaguered social media platform Google Plus (stylized Google+) suffered a data breach; a bug allowed third-parties access to private user data via an API, affecting as many as 500,000 users. In the wake of the breach\u2014and the allegations of an initial cover-up\u2014Google announced they would be [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,175,383,125,16,11,112,81,937,76,70,118,30,63],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Key Findings: The Second Google Plus Data Exposure<\/title>\n<meta name=\"description\" content=\"Yesterday, Google publicly disclosed Google Plus suffered a second personal data exposure, also resulting from an API bug. What can we learn from this?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/\",\"name\":\"Key Findings: The Second Google Plus Data Exposure\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg\",\"datePublished\":\"2018-12-11T15:39:09+00:00\",\"dateModified\":\"2018-12-11T15:39:09+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Yesterday, Google publicly disclosed Google Plus suffered a second personal data exposure, also resulting from an API bug. What can we learn from this?\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg\",\"width\":800,\"height\":350,\"caption\":\"Key Findings: The Second Google Plus Data Exposure\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Key Findings: The Second Google Plus Data Exposure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Key Findings: The Second Google Plus Data Exposure","description":"Yesterday, Google publicly disclosed Google Plus suffered a second personal data exposure, also resulting from an API bug. What can we learn from this?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/","url":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/","name":"Key Findings: The Second Google Plus Data Exposure","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg","datePublished":"2018-12-11T15:39:09+00:00","dateModified":"2018-12-11T15:39:09+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Yesterday, Google publicly disclosed Google Plus suffered a second personal data exposure, also resulting from an API bug. What can we learn from this?","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2016\/10\/security-265130_1280.jpg","width":800,"height":350,"caption":"Key Findings: The Second Google Plus Data Exposure"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/key-findings-second-google-plus-data-exposure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Key Findings: The Second Google Plus Data Exposure"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4086"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4086"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4086\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/1374"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}