Google+ has problems again: Google sends an email reporting a hack through the API


These are not exactly the best times for Google. Problems with the privacy of user data have been known for a long time, including some hacks. Now more of them seem to be coming to light little by little: the security of its social network (which, by the way, is apparently going to disappear soon) has recently been compromised to some extent.

In this case, Google is sending emails to some of its users reporting a possible security flaw through which applications with access to the API could have accessed more data within Google+ than they should have, and may even have accessed the profiles of other users.

Google+ appears to have been hacked again

As far as we have been able to find out, between 7 and 13 November 2018 a new threat was discovered on Google+, through which only some applications that you could have authorized through Google's own API could have accessed more data within your profile.

However, that is not the worst part: apparently it was even possible to access the profile data of the people you have added within the social network, even if they have private profiles. In this way, some developers could have obtained access to your data within Google Plus during those days.

So, if you authorized a fraudulent application, Google should have sent you an email with information about the problematic app in question:

We contacted you to report a technical issue caused by a software update that affected the Google+ Application Programming Interfaces (APIs) between November 7 and 13, 2018 (Pacific time), which is when the issue was resolved. We have determined that it only affected Google+ APIs that return user profile information. This situation could cause two problems:

  1. If you gave an application permission to access your profile information, such as your name, email address or profession, the application could request and view more fields of your profile without permission than you allowed.
  2. If a person with whom you had shared your profile information gave permission to an application to access the public fields of your profile, the application could request and consult those fields as intended, but could also request and access without permission any field you would have shared with that person, including privately shared fields.

This issue only affected profile fields; that is, it did not allow developers to access financial information, national identification numbers, passwords, or other similar data that are commonly used to carry out fraudulent actions or identity theft.

The problem, which was detected by our automated testing system, was fixed on November 13, 2018 (Pacific time). We are not aware that application developers with access to this data for six days were aware of the situation or that they used it improperly.

We attach to this message a list of the affected fields and the names of the applications that have been able to access them (according to their availability). You can check all the third-party applications that you have allowed to access your account in your security preferences.

This problem was described in the blog post Google+ from 10 December 2018.

We apologize for the inconvenience this situation may have caused you. If you have any questions, please contact us using this form.

Thus, it is quite important that you be careful with Google+ and check the changes you made during those days, since more than one party may have had access to your profile, although it is true that this time changing the password will not help you either.
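
The two problems listed in Google's email are both field-level authorization failures in delegated access. The sketch below is an added example, not code from Google or from the original article: a toy model in which every name (`Profile`, `Grant`, `get_profile_regressed`, `overexposed`) and all data are hypothetical, showing one assumed form such a regression could take and an automated check that would flag it.

```python
# Added example: toy model of delegated profile access. All names are hypothetical
# and the data is constructed; this is not Google's code or API.
from dataclasses import dataclass

@dataclass
class Profile:
    owner: str
    fields: dict       # field name -> value
    shared_with: dict  # field name -> "public" or a set of user ids

@dataclass
class Grant:
    user: str          # the user who authorized the app
    fields: frozenset  # fields of that user's own profile the app may read

def allowed_fields(grant, profile):
    """Fields the app may receive: granted fields of the authorizing user's
    own profile, and only public fields of anyone else's profile."""
    if profile.owner == grant.user:
        return {f for f in profile.fields if f in grant.fields}
    return {f for f in profile.fields if profile.shared_with.get(f) == "public"}

def get_profile(grant, profile, requested):
    """Intended behaviour: the response is limited to what the grant covers."""
    ok = allowed_fields(grant, profile)
    return {f: profile.fields[f] for f in requested if f in ok}

def get_profile_regressed(grant, profile, requested):
    """Assumed form of the regression: the check asks what the authorizing
    user can see instead of what the app was granted."""
    def user_can_see(f):
        acl = profile.shared_with.get(f)
        return profile.owner == grant.user or acl == "public" or (
            isinstance(acl, set) and grant.user in acl)
    return {f: profile.fields[f] for f in requested
            if f in profile.fields and user_can_see(f)}

def overexposed(handler, grant, profile):
    """Regression check: request every field, list what exceeds the grant."""
    returned = handler(grant, profile, list(profile.fields))
    return sorted(set(returned) - allowed_fields(grant, profile))

# Constructed sample data.
ALICE = Profile("alice", {"name": "Alice", "email": "a@example.com", "occupation": "nurse"},
                {"name": "public", "email": {"bob"}, "occupation": {"bob"}})
BOB = Profile("bob", {"name": "Bob", "occupation": "pilot", "birthday": "1990-01-01"},
              {"name": "public", "occupation": {"alice"}, "birthday": {"carol"}})
GRANT = Grant("alice", frozenset({"name", "email"}))
```

Running `overexposed` against both handlers for `ALICE` and `BOB` reproduces the two cases from the email: the regressed handler leaks an ungranted field of the authorizing user's own profile, and a privately shared field of a contact's profile.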

