Credit Suite Blog

Get current information on getting credit and loans to grow your business

CLICK HERE TO LEARN MORE

What’s Up Google? The Google Data Breach Decoded

Published By Faith Stewart at June 12th, 2019

What Happened and What You Need to Know About the Google Data Breach, Decoded for You

Online security is a constant in the news these days, and when there is a breach all alarms go off. Typically, we don’t worry about the larger companies, like Google. I mean, a company that large should have it together, right. Recently however, we have all, including Google, learned the hard way that nothing is a sure thing. The Google data breach was in the news, but what exactly happened? What does it mean for you? Here is the Google data breach decoded so you can understand what happened, and how to protect yourself.

Google Data Breach Decoded: What Happened?

Before you can begin to understand the Google data breach decoded, you have to understand how they actually found it. There was no known event that caused the Google heads to look for a problem. Rather, Google initiated a security audit at the start of 2018. They began to review what data third-party app developers could access via Google accounts.

What they found surprised everyone. Between 2015 and 2018, outside app developers potentially had access to private data via Google+ profiles. This was due to a software glitch on the site.

Google Data Breach Decoded Credit Suite3

Keep your business protected with our professional business credit monitoring.

The Google Data Breach Decoded: How Did the Glitch Work?

Like many other such platforms, when users would sign up for a Google+ account, they entered information such as name, gender, email, occupation, and more. They could mark certain data as private or viewable only by friends. They could also grant access to certain information to third Google+ apps. This allowed the third-party apps to use APIs, or application programming interfaces, to access profile data. The key is, they are not supposed to be able to access information marked as “private.” Herein lies the glitch. No one told them that! There was potential access to this “private” information.

Google corrected the flaw at discovery in March of 2018, stating that they believe about 500,000 users were affected. Outside developers may have accessed names, email addresses, occupations, genders and ages.

They claimed that the following information was not exposed.

  • Phone numbers
  • Messages
  • Google+ posts or data from other Google accounts

The Google Data Breach Decoded: It’s Not Over ‘Till It’s Over

The problem was, Google could not confirm which users were actually affected by the flaw, because they only keep API log data for two weeks. In light of the glitch and potential ensuing disaster, Google made the call to shut down the consumer version of Google+ by August 2019. They made a vow to inform users beforehand of how to save their Google+ account data.

The Google Breach Decoded: Is it Enough?

In addition, Google is working on additional controls and updating policies related to APIs. They also intend to release more granular account permissions for users, requiring apps to show each requested permission individually.

Google Data Breach Decoded 2.0

Recently Google announced that Google+ had another data leak. This was one was worse, with 52.5 million users affected. That is substantially more, something like 100 times more, than the first. Users had their name, email address, occupation, and ages exposed to third-party developers. This was regardless of whether their accounts were set to private.

The new leak traced to a bug in the updates. Google says the bug was fixed within a week. However, they shut Google+ even earlier in response. Google+ for consumers ceased in April 2019. All APIs were sunset as well, with Google itself admitting that 90% of Google+ sessions were less than five seconds in duration. No one used it, so it only posed a risk and liability.

Google Data Breach Decoded: What Should I Do to Protect Myself on My Google Accounts

The best thing about having the Google data breach decoded is that you can be more vigilant about protecting your account.  Here are a few tips to keep your other Google accounts safe:

  • Ensure all of your Google accounts, including Gmail and Google Drive, are as secure as possible. Create a strong password and enable 2-step verification.
  • Be cognizant of phishing scams. That’s when scammers will use information about you, like your name or occupation, that they accessed in the Google breach or some other way. They will use it to get you to divulge other personal data through email or text, or install malware onto your phone or computer.
  • Never click links in email or text asking you to divulge personal information. For example, if you get an email from PayPal with a link, do not click it. Go straight to PayPal and work from there.
  • Invest in a credit monitoring program. You can obtain a free copy of your credit report, and definitely do that. A regular credit monitoring program will help you keep tabs on things monthly however. In these situations, time is of the essence.

Google Data Breach Decoded Credit Suite3

Keep your business protected with our professional business credit monitoring.

What Happens When You Delete Your Google+ Account?

Deleting your Google+ profile won’t have an effect on your Google account, and you won’t have to worry about any more Google+ data breaches as far as Google+ goes. You simply will not have Google+ anymore. Pretty soon, no one will anyway.

Keeping it In Perspective

While this is most certainly a big deal, it is important to remember that there is no evidence that anyone was actually breached. It is just that the possibility that it could have happened was discovered. The data was exposed. That’s bad enough, of course. In addition to shutting down Google+ for consumers, Google is also beefing up security on its other sites. That’s the good part. They now see how easy it can be to miss something like this, and they are taking precautions to ensure it doesn’t happen again. They are Google, after all.

Now What Have We Learned?

Google isn’t some fly by the seat of their pants newcomer. This is Google people. If they can have problems with security, anyone can have problems with security. What are we to do? How do we keep our information protected on other sites short of going off the grid?

While there will always be some risk involved with putting your information out there, there are some ways to help keep it safer.

Passwords 101

If the Google data breach decoded taught us anything, it is that passwords matter.  Create separate, strong passwords for all accounts and change them regularly. I get it. I do. It is a pain in the you know what to make long, complicated passwords and try to remember them, let alone one for each account you need to log in to regularly. Throw in the accounts you rarely log in to, and it gets even harder.

There are a couple of tips that can help. We all know what makes a “strong” password. Seemingly nonsensical random letters, numbers, and symbols. Those are awful to remember though, especially multiples.

Try a system like this. Think of a favorite quote. I like movies so I tend to lean toward those. For simplicity, consider “Nobody puts Baby in the corner.” Now, take the first letter of each word in the quote and you get NpBitc. Throw in an exclamation point for the “i” and a plus sign for the “t” and you get NpB!+c. If you have an “a” you can use the “at” symbol and, of course, dollar signs or ampersands work nicely to replace an “s.” Develop your own system and stick with it. Then the only problem you have is remembering the quote for each account.

Another option is to use a password manager like LastPass. Password managers will generate and save passwords for multiple accounts, locking them all down under a master password. Not only that, but it will also save passwords you create on you own if you wish, and they will enter them automatically at login if you enable that function.

While we can’t change passwords every day, a couple of times a year should be a minimum for sure, more if you are actually hacked.

Beware of Free Wi-Fi

While it is super convenient, it is not all that secure. You can still enjoy it, but it is best to do so with a VPN, which stands for virtual private network. It will encrypt your activity so others on the network will not be able to see it easily. Regardless, refrain from entering account numbers and such when using free Wi-Fi.

Google Data Breach Decoded Credit Suite3

Keep your business protected with our professional business credit monitoring.

Get Rid of Unused Accounts

If you have old email or social media accounts that you don’t use, go ahead and shut them down. You have no clue the droves of information that hackers can glean from these. They are rich for the harvest, and it could leave your fields bare.

Watch What You Share on Social

You may not even realize the problems some of the information you put out there can cause you. Post a pic of your new car and someone can see the make and model. When they try to hack and the security question is “What kind of car do you drive?” the answer will not be hard to find.

Speaking of Security Questions…

Lie. Yes, I am telling you to lie. It is not hard to find out what your mother’s maiden name was or what town you met your husband in. A quick Google search can be amazingly informative. If your ability to keep your lies straight concerns you, never fear. You can save this type of information in LastPass also.

 

Use 2-Factor Authentication on All Accounts

Google Data Breach Decoded Credit Suite2

This is not just good for Google. When you sign in, your account will send you a code that you must enter as a second step to gain access. Some sites require it every time, while others only require it sometimes. Many feel it is too time consuming, but it is actually quite effective. It just depends on how secure you really want to be.

Don’t Click Links

I touched on this earlier. When you get an email requesting information that contains a link, do not click the link. You can go to the website directly. These are often phishing scams, and you may find they look totally legit. Don’t risk it. Be safe and go directly to the source.

The Google Data Breach Decoded: Other Tips

How do you know you have fallen prey to these monsters? Sometimes you don’t until you’ve lost everything. It is essential to stay vigilant, keeping an eye out for anything that looks off. Make it a habit to do the following on a regular basis.

  • Review your bank accounts for unauthorized activity. I have myself shut down some major scams this way. If you see anything fishy, call the bank immediately. If you catch it early enough, they can keep it from going through. The faster they start fraud protocol the better for you. Another bonus to this is that you won’t find out the hard way when the restaurant declines your card at a business dinner.
  • Check credit cards the same way. If you see any unauthorized activity, report it immediately. The sooner the better.
  • Don’t forget online payment accounts. PayPal, Venmo, and others are susceptible to the same type of sabotage. The nice thing about PayPal at least is that you can get a notification for all activity, meaning you can jump on it right away.
  • Join a credit monitoring system. They offer alerts that can clue you in if something isn’t right, and a bonus is you can see what is happening with your credit on a monthly basis.

In some cases, hackers use this information to perpetrate actual identity theft.  This goes much further than simply accessing your money to buy stuff.  Identity thieves use your SSN to obtain loans, credit cards, and even in some cases, jobs.  This leaves you with the debt while they enjoy the funds. If you fall victim to this, go to  https://www.identitytheft.gov/to find out what your next steps should be for reporting and recovery.

The Google Data Breach Decoded: Moving Forward

Now that the Google data breach is decoded, Google+ is a thing of the past. Google itself is making major changes with the rest of its platforms. For the rest of us, it’s time we learn our lessons well, make necessary adjustments, and move on. Shut down those old accounts, create a new password system, and be more careful about what information we put out there. This combined with being extra vigilant about watching for account activity that doesn’t add up can help us do that. There’s no need for all-out paranoia, but this is definitely an age in which extra precautions are a necessity.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *