It was reported earlier today that Google+, Google’s social network, has suffered a significant data leak due to a buggy API.
As a result of the glitch, Google will shut down the Google+ APIs in the next 90 days and will fast-track its plans to shut down the entire network, bringing the closure forward from August to April. Google had already announced plans to close Google+ in October when it disclosed a separate issue in which 500,000 users’ personal data had been compromised. Moreover, Google discovered the vulnerability in March but took seven months to go public.
Paul Farrington, Head of EMEA at app security company CA Veracode, calls for more consistency in security and app performance scans:
“Hackers are increasingly taking advantage of vulnerabilities in web and software applications, and businesses are making their life very easy with our recent research revealing that more than 85% of applications have at least one vulnerability when first scanned. Security needs to become a top priority for business leaders in 2019 and built earlier into the development lifecycle.
Flaws can take a long time to fix, with research by Veracode revealing that only one in four high and very high severity flaws were addressed within 290 days of discovery. Businesses that practice good DevSecOps hygiene will reap the benefits of secure data for consumers and citizens alike. By testing for vulnerabilities in web and software applications early, security teams can eradicate flaws akin to the one seen in Google+’s system rapidly before any personal and financial data is left open to cyber criminals.
In this instance, Google has been lucky that no customer data has been compromised by hackers exploiting the flaw in their website, which originated from a vulnerability in an API. However, with the reputational and financial damage caused by data breaches, organisations cannot afford to take the risk.”