Google Users Private Data Exposed by Google+ API Bug: Google has sending Alert email to those who were affected by there Google+ API bug which was disclosed in December 2018. In this notification, Google sends to the user which data leak and that app had access to it.
Google announced that on 10 December 2018 disclosed google+ API bug which allow user app that user permissions to access Private data we do not support to that access.
According to Google+ disclosure, This bug affected by over 50 million Google+ users
Last week on 7 January 2019. google+ user affected by this bug have received notification from google
Google Users Private Data Exposed by Google+ API Bug
Dear Google User,
We are writing to inform you of a technical issue caused by a software update, which affected Google+ APIs (Application Programming Interfaces) between November 7th, 2018 PT and November 13th, 2018 PT when the issue was fixed. We have determined that the impact of this technical issue was limited to Google+ APIs that return profile
information about users and resulted in two potential unintended effects:
1. If you granted the app permission to view your profile information, such as name, email address, occupation, the app inadvertently was able to request and view more profile fields that you granted the app permission to view.
2. If a person with whom you had shared profile information granted an app permission to view your public profile fields, that app was able to request and view your public profile fields, as intended, but inadvertently was also able to request and view any profile fields you had shared with that person, including profile fields that you had shared with that person but not shared publicly.
This issue was limited to profile fields and did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
The issue was detected by our automated testing and fixed on November 13th, 2018 PT.
We have no evidence that the app developers who inadvertently had this access for six days were aware of it or misused it in any way.
For your information, we are attaching a list of the affected fields and the corresponding app names (where available). For a list of all third-party apps you have granted access to your account, please review your security preferences – Third-party apps with account access.
Please note that this issue was discussed in the Google+ blog post dated December 10th, 2018. We would like to sincerely apologize for any inconvenience this may have caused. If you have any questions please contact us via this form.
The Google Apps Team
Google decided to shut down their Google+ social service platform in August 2019 due to a prior API bug leaked the personal information of up 50 million Google+ accounts.