Google Plus Data Breach: The Fall of Google Plus

  • By David Lukic
  • Nov 10, 2020

Software is far from perfect, and even industry giants like Google can fall prey to bugs that threaten security. In December of 2018, Google announced that a bug in their Google plus social network had allowed access to user’s personal details from 2015 until 2018. Upon discovering the bug, they fixed it, but for three years 500,000 user’s data was exposed. Google plus shut down  when evidence of another bug occurred in November of 2018, exposing personal data for 52.5 million users. Google assured customers that no financial data was included or social security numbers, only profile data such as name, email, phone, occupation, age, gender, etc. Google responded to reports of the Google plus data breach with

“Our testing revealed that a Google plus API was not operating as intended. We fixed the bug promptly and began an investigation into the issue,”

Google also does not believe that the data was accessed by a third-party but has no way of knowing for sure. 

google plus data breach

When Was the Google Plus Breach?

The original Google Plus data breach took place during 2015 all the way through 2018 when a bug was discovered, allowing outside developers to view private profile details of other users even if they were set to private. The second Google Plus data breach occurred from November 7th to November 13th, only six days, but plenty of time for cybercriminals to hack the data. The initial bug impacted about 500,000 users and the second 52.5 million. 

How to Check if Your Data Was Breached By The Google Hack

Google identified all affected users and enterprise customers and notified them through the mail. They gave users the option of deleting their profile and all information before they pulled the plug on Google plus for good in August of 2019. If you did not receive a notification from Google, then you were not affected. 

What to Do if Your Data Was Breached By The Google Plus Hack

Even the basic information stolen was enough to target users with phishing scams or trick you into providing the remaining data needed to steal your identity. Normally the first course of action would be to delete your Google plus account, but since Google shut it all down, that part is done. What you can do now is:

  • Carefully monitor your bank and credit card statements looking for fraud.

  • Be very cautious when opening emails. Look for suspicious language, poor grammar, and emails that want you to click a link to “verify your details” or open an attachment. If they sound scary or pushy, don’t do anything with them. They are most likely phishing scams.

  • Never give out your personal information to anyone you do not know.

  • Monitor your credit report and sign up for ongoing credit monitoring with a company like

Was Google Plus Hacked Because of the Bug?

The decision for Google plus shut down was most likely a tactic to remove any “immediate regulatory interest” in the company. Since Facebook’s Cambridge Analytica scandal, everyone is on edge and quick to lump all data breaches into the same category. As an effort to avoid this, Google decided to shut down the service, but not before the service experienced an even bigger issue. Through Project Strobe, an attempt to review all third-party developer apps and their access to Google services, Google identified the additional bug and quickly closed the gap. Although they are under close scrutiny, Google is not yet being investigated by the FTC

Can The Google Plus Breach Cause Identity Theft?

Even the most basic information can lead a cybercriminal to enough data to hack your identity. When names and email addresses are stolen from companies like Google, they can be matched with other data breach information on the dark web. Perpetrators sell volumes of data every day to cybercriminals looking to steal your identity and open lines of credit or hack into your computer and hold it ransom. 

google plus breach

How to Protect Yourself Online

Most of us use social media sites, and we tend to trust big-name companies like Google. However, no one is really safe online. When you put your information out there, it can be accessed no matter how good the security of the platform.

Some things to do to stay safe are:

  • Install good antivirus software on your computer and run deep scans often.

  • Watch out for phishing emails or other scams.

  • Never click a link or download attachments in email.

  • Don’t give out your personal details online unless you accept the dangers of them possibly being breached.

  • Constantly monitor your credit report, bank statements, and credit card charges looking for suspicious activity.
About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

"Pan American Life Insurance Group Building - New Orleans" by Tony Webster is licensed under CC BY 2.0. Source: Flickr

New York Healthcare Provider Notified 600k Following Network Cyberattack

New York Healthcare Provider Notified 600k Following Network Cyberattack

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address