Google Plus Data Breach: The Fall of Google Plus

Posted on by David Lukic in Data Breaches November 10, 2020

Software is far from perfect, and even industry giants like Google can fall prey to bugs that threaten security. In December of 2018, Google announced that a bug in their Google plus social network had allowed access to user’s personal details from 2015 until 2018. Upon discovering the bug, they fixed it, but for three years 500,000 user’s data was exposed. Google plus shut down  when evidence of another bug occurred in November of 2018, exposing personal data for 52.5 million users. Google assured customers that no financial data was included or social security numbers, only profile data such as name, email, phone, occupation, age, gender, etc. Google responded to reports of the Google plus data breach with

“Our testing revealed that a Google plus API was not operating as intended. We fixed the bug promptly and began an investigation into the issue,”

Google also does not believe that the data was accessed by a third-party but has no way of knowing for sure. 

google plus data breach

When Was the Google Plus Breach?

The original Google Plus data breach took place during 2015 all the way through 2018 when a bug was discovered, allowing outside developers to view private profile details of other users even if they were set to private. The second Google Plus data breach occurred from November 7th to November 13th, only six days, but plenty of time for cybercriminals to hack the data. The initial bug impacted about 500,000 users and the second 52.5 million. 

How to Check if Your Data Was Breached By The Google Hack

Google identified all affected users and enterprise customers and notified them through the mail. They gave users the option of deleting their profile and all information before they pulled the plug on Google plus for good in August of 2019. If you did not receive a notification from Google, then you were not affected. 

What to Do if Your Data Was Breached By The Google Plus Hack

Even the basic information stolen was enough to target users with phishing scams or trick you into providing the remaining data needed to steal your identity. Normally the first course of action would be to delete your Google plus account, but since Google shut it all down, that part is done. What you can do now is:

  • Carefully monitor your bank and credit card statements looking for fraud.

  • Be very cautious when opening emails. Look for suspicious language, poor grammar, and emails that want you to click a link to “verify your details” or open an attachment. If they sound scary or pushy, don’t do anything with them. They are most likely phishing scams.

  • Never give out your personal information to anyone you do not know.

  • Monitor your credit report and sign up for ongoing credit monitoring with a company like

Was Google Plus Hacked Because of the Bug?

The decision for Google plus shut down was most likely a tactic to remove any “immediate regulatory interest” in the company. Since Facebook’s Cambridge Analytica scandal, everyone is on edge and quick to lump all data breaches into the same category. As an effort to avoid this, Google decided to shut down the service, but not before the service experienced an even bigger issue. Through Project Strobe, an attempt to review all third-party developer apps and their access to Google services, Google identified the additional bug and quickly closed the gap. Although they are under close scrutiny, Google is not yet being investigated by the FTC

Can The Google Plus Breach Cause Identity Theft?

Even the most basic information can lead a cybercriminal to enough data to hack your identity. When names and email addresses are stolen from companies like Google, they can be matched with other data breach information on the dark web. Perpetrators sell volumes of data every day to cybercriminals looking to steal your identity and open lines of credit or hack into your computer and hold it ransom. 

google plus breach

How to Protect Yourself Online

Most of us use social media sites, and we tend to trust big-name companies like Google. However, no one is really safe online. When you put your information out there, it can be accessed no matter how good the security of the platform.

Some things to do to stay safe are:

  • Install good antivirus software on your computer and run deep scans often.

  • Watch out for phishing emails or other scams.

  • Never click a link or download attachments in email.

  • Don’t give out your personal details online unless you accept the dangers of them possibly being breached.

  • Constantly monitor your credit report, bank statements, and credit card charges looking for suspicious activity.
About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in the fina... Read More

What is an Accidental Web Exposure and How to Prevent Data Leakage

Data breaches take many forms, and one of them is through accidental web exposure and data leakage. Milli... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, 2015 an... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. What start... Read More

Scan Your Records for Breaches, Leaks & Exposures!