api   228461

« earlier    

Google+ to shut down earlier than planned after second bug - CNN
New York (CNN Business)Google will shut down its Google+ social network much sooner than planned after discovering a second bug that revealed millions of customers' private information to software developers.
In a blog post, the company said 52.5 million people were affected by a bug in a November software update. The latest bug allowed app developers to access profile information not marked public. App developers inadvertently had access to this data for six days.
Google said it detected the issue during regular testing, and fixed it within a week of discovery.
Google disclosed a similar bug in October. At the time, the company said it "discovered and immediately patched" a bug in March 2018, which potentially allowed developers to access profile data that wasn't public, including usernames, email addresses, occupations and ages. The bug reportedly affected as many as 500,000 accounts.
The company said no third parties compromised its systems, and Google hasn't found evidence developers misused the information or were aware of it.
google  security  privacy  bug  data  developer  API 
4 hours ago by rgl7194
Google+ bug exposes non-public profile data for 52 million users | Ars Technica
Goof let developers see names, email addresses, and more, even when set to be nonpublic.
Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.
The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.
“The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” Monday’s post said. “No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.”
google  security  privacy  bug  data  developer  API 
4 hours ago by rgl7194
Bug in Google+ API Puts at Risk Privacy of over 52 Million Users
Non-public details on about 52.5 million Google+ profiles were accessible to developers of apps requesting permission to view data the user had configured to remain private.
The exposure lasted for six days in November and was caused by a bug in the Google+ People application programming interface (API), specifically built to allow access to profile data with the owner's consent.
Private data of users that did not give consent to apps to get their profile information was also exposed if they shared it with a profile that permitted such an app to access their profile details.
google  security  privacy  bug  data  developer  API 
4 hours ago by rgl7194
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.
Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age.
The vulnerable API in question is called "People: get" that has been designed to let developers request basic information associated with a user profile.
However, software update in November introduced the bug in the Google+ People API that allowed apps to view users' information even if a user profile was set to not-public.
google  security  privacy  bug  data  developer  API 
4 hours ago by rgl7194
Google+ bug gave developers access to non-public data from 52.5M users | TechCrunch
Google+ was a bit of a disaster for the company when it was still alive, and now that it’s walking dead, it’s becoming even more of a stone around its neck. After disclosing a major security bug in October that affected just under half a million users, it announced that the service would shut down in August 2019. But things are getting worse. Today, the company announced a new privacy hole, one that it found last month, that left some data from about 52.5 million users up for grabs from apps that used the Google+ API.
Because every bug seems to move up the Google+ shutdown date, Google also today announced that the service will now close in April 2019. All Google+ APIs will shut down within the next 90 days.
google  security  privacy  bug  data  developer  API 
4 hours ago by rgl7194
The Little Book of GraphQL Schema Design
The book will cover how domain driven design can help us build a great GraphQL API, best practices when migrating from other API approaches, common anti-patterns, GraphQL Mutations, evolution of GraphQL schemas, public APIs, and much more.

The book is language agnostic and heavily uses the GraphQL SDL to provide examples. So no matter how you build your GraphQL APIs, it should come in very useful.
GraphQL  books  online  schema  API  reference  DDD 
7 hours ago by liqweed

« earlier    

related tags

0x  201812  52  acquia  acquia:octo  aggregator  algorithm  analytics  api_gateway  apidays  app  applescript  architecture  article  async  at  authentication  automation  automotive  aws  baas  banking  best+practice  bestpractice  blog  books  browser  bug  bulb  business  caching  career  cdn  chrome  chromecast  cljs  clojure  cloud  cms  code  codes  collaborative  commercial  compound  cool  crosspplatform  crypto  data  datascience  dataset  datomic  ddd  design  detect  detection  developer  development  dex  docker  docs  documentation  domain  drupal  drupal8  dweb  e2e  elixir  email  events  fake  finance  fintech  flask-restful  flask  framework  freemium  github  go  google+  google  graphql  handwriting  headless-cms  headless  home  hosting  http  hue  ibm  identity  images  in  internet  investing  investment  ip  java  javascript  json  kubernetes  lambda  language  library  light  lisp  list  manual  mapping  maps  markdown  market-data  marketing  megacorp  million  mock  myscript  nginx  node.js  node  node_js  nonfree  oauth  of  office  online  onlinecourse  openapi  opensource  optimization  over  paciolan  passwords  payments  pdf  philips  placeholder  platform  plex  plugin  postgresql  privacy  programming-language  programming  protocol  puts  python  qa  raml  reactive-programming  reference  resources  rest  restful  risk-api  risk  ruby  rx  saas  schema  scripting  sdk  secrets  security  server  serverless  service  sf  sheets  shop  smart  smtp  software  specification  spring  sso  standard  status  storage  store  structured-content  swagger  sweden  swedish  tdd  test  testing  tool  tools  trading  tutorial  twitch  usage  use  users  util  videos  vision  visualization  wappalyzer  web  webdev  webdevel  webhook  webscraping  webservice  website  wordpress  zalando  网页截图 

Copy this bookmark: