Security Follow Up: Concerns About the Google+ Bug

Security Follow Up: Concerns About the Google+ Bug

We’ve often written about internet security here on the Blink;Tech blog, and for good reason: it will continue to be a growing issue as the web gets more complex and both accessibility and functionalities expand. A current example of how our web presence can affect our personal security has to do with the demise of the consumer version of Google+, Google’s social networking platform and answer to Facebook.

If you are like most people, you were probably not aware of the shutting down of Google+ for two very different reasons, the first and obvious being its very low user engagement. The second reason, however, is the focus of this blog. On October 8th, the Wall Street Journal reported that Google+ had suffered a security breach due to a bug and Google had opted not to report it for fear of regulatory action. Immediately following the WSJ story, Google released a seemingly innocuous blog post announcing Project Strobe, a move to protect user data by improving APIs and shuttering the consumer version of Google+.

The security breach potentially affected up to 500,000 Google+ accounts and gave access to user profile data via an API, or “application program interface”, which specifies how software components are to interact. Google states that up to 438 applications may have used the faulty API, but have no way of knowing which users were impacted by the bug.

While it is pretty alarming that the personal information of this many users could potentially be compromised without any way to verify who exactly was affected and to what extent, the reality is that this is the new norm and all of us have to be proactive in protecting our online identity and personal information.

With that in mind, we offer the following tips to help keep you and your data safe in the event of a reported security breach:

1. Scan for viruses and malware on your devices immediately following an announcement.
2. Change your password. This blog post from 2014 is still very relevant and full of good advice on password creation and management.
3. Make sure you are enrolled in 2-step verification for logins wherever possible.
4. Make sure your account recovery options are up-to-date.
5. Review the list of apps that have access to your devices and accounts, including all your social media platforms. Disable or delete any that you are not using or do not recognize.  
6. Make sure all your programs, apps, platforms, and plugins are up-to-date.

This last point seems simple enough, but if the affected application happened to be a website platform like WordPress, Joomla, or Drupal, it is advisable to seek capable help familiar with website and hosting security concerns. Many shared hosting environments are unfortunately wanting in giving the user the ability to both detect and address minor security breaches. Technical knowledge and experience are key and a resource like the development team at Blink;Tech can save you untold headaches and lost revenue if your website becomes compromised.

In the end, vigilance is always your first line of defense. Understanding that with every new feature or function in the web-based applications that fill our lives comes more complexity and the opportunity for exploitation. Choose your services wisely and take an active part in administering your online presence. And if you get into trouble out there, the team at Blink;Tech is always here to help!