Published Date: 2018-10-08
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The first software failure incident related to Google+ exposing user data occurred in March, as mentioned in Article 76533 and Article 76416. 2. The second software failure incident, where another bug in a Google+ API exposed user data from 52.5 million accounts, happened in November, as stated in Article 78910. |
| System | 1. Google+ API [76484, 78910] 2. Google+ social network [76533, 76416, 78910] 3. Google+ software [76533, 76416, 78910] |
| Responsible Organization | 1. Google - The software failure incident in the Google+ social network was caused by a bug in its API that allowed third-party developers to access user data [76416, 76484, 78910]. 2. Google's Privacy & Data Protection Office - Google's Privacy & Data Protection Office reviewed the issue but decided not to inform the public about the bug, stating that the thresholds for public disclosure were not met [76416]. 3. Google's engineering team - The bug in the Google+ API was discovered and fixed by Google's engineering team [78910]. |
| Impacted Organization | 1. Google users - Up to 500,000 users were affected by the data exposure incident on Google+ [76533, 76416]. 2. Google users - An additional bug in a Google+ API exposed user data from 52.5 million accounts [78910, 78775]. |
| Software Causes | 1. A bug in the API for Google+ allowed third-party app developers to access user data without proper authorization, leading to the exposure of private profile data [Article 76484]. 2. Another bug in a Google+ API, introduced in a software update on November 7, exposed user data from 52.5 million accounts, including names, email addresses, occupations, and ages, even if accounts were set to private [Article 78910]. |
| Non-software Causes | 1. Failure to disclose the security issue despite knowing about it in March due to fears of regulatory interest and potential embarrassment for the company [76416, 76533]. 2. Lack of timely disclosure of the security vulnerability to users and the public [76416, 76533]. 3. Concerns about public relations and regulatory scrutiny influencing the decision-making process regarding disclosure of the data leak [76484]. 4. The decision to keep the data leak out of the public eye to avoid public relations issues and potential regulatory enforcement [76484]. 5. The bug in the Google+ API that allowed third-party developers to access user data without proper authorization [78910]. 6. Inadequate data-sharing policies and controls that led to the exposure of user data to external developers [76968]. 7. The failure to maintain proper logs of API use for an extended period, limiting the ability to determine if data was misused [76484]. 8. The bug in the Google+ API introduced in November that exposed user data from 52.5 million accounts [78775]. |
| Impacts | 1. The software failure incident in Google+ exposed private user data of up to 500,000 users, including names, email addresses, occupations, genders, and ages [76416, 76533]. 2. A second bug in Google+ API exposed user data from 52.5 million accounts, allowing access to private information even if accounts were set to private [78910, 78775]. 3. The exposure of user data led to investigations by U.S. states and European Union member states to understand the nature of the breach and prevent similar intrusions in the future [76968]. 4. Google decided to shut down the consumer version of Google+ earlier than planned, accelerating the sunsetting of the service due to the discovered bugs and data exposure [78910]. |
| Preventions | 1. Regular security audits and testing: Conducting routine security audits and testing of the software could have potentially identified the vulnerabilities in Google+ before they were exploited by third-party developers [76484, 78910]. 2. Prompt disclosure and transparency: Google's decision not to disclose the security issues immediately after discovery led to further complications and regulatory scrutiny. Prompt disclosure and transparency could have mitigated the impact of the software failure incident [76416, 78910]. 3. Stronger data protection policies: Implementing stricter data protection policies and ensuring that user data is adequately secured could have prevented unauthorized access to sensitive information [76416, 78910]. 4. Compliance with data privacy regulations: Adhering to data privacy regulations, such as the GDPR, and promptly reporting data breaches as required by law could have helped prevent the incident from escalating and attracting regulatory attention [76416, 76968]. 5. Enhanced developer oversight: Implementing stricter controls and oversight mechanisms for third-party developers accessing APIs could have prevented unauthorized access to user data [76484, 78910]. |
| Fixes | 1. Implementing more rigorous testing procedures to catch bugs and vulnerabilities before they are exploited [76484, 78910]. 2. Enhancing data-sharing policies and privacy protections for users [76416, 76968]. 3. Providing more transparency to users about data breaches and vulnerabilities [76416, 76484]. 4. Accelerating the shutdown of the affected software to prevent further data exposure [78910]. 5. Conducting thorough investigations into incidents and promptly fixing any identified flaws [78775]. 6. Increasing regulatory oversight and accountability for tech companies to prevent similar incidents in the future [76484, 76968, 78775]. | References | 1. Wall Street Journal [76533, 76416, 76484] 2. Google Blog Post [76416, 76484, 78910] 3. Reuters [76968] 4. Google Vice President of Product Management, David Thacker [78910] 5. Google's Vice President of Engineering, Ben Smith [76416, 76484] 6. Connecticut Attorney General George Jepsen's spokeswoman, Jaclyn Severance [76968] 7. New York Attorney General's office [76968] 8. Ireland's Data Protection Commission [76968] 9. Germany's data protection regulator in Hamburg [76968] 10. Google's Vice President of Product Management, David Thacker [78910] 11. David Kennedy, CEO of TrustedSec [78775] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization | (a) The software failure incident having happened again at one_organization: - Google experienced another software failure incident related to Google+ where a bug in a Google+ API exposed user data from 52.5 million accounts [Article 78910]. - This incident occurred after Google had already announced the shutdown of Google+ due to a previous data exposure issue affecting 500,000 users [Article 78910]. (b) The software failure incident having happened again at multiple_organization: - There is no information in the provided articles about a similar incident happening at other organizations or with their products and services. |
| Phase (Design/Operation) | design | (a) The software failure incident related to the design phase: - Google's Google+ social network faced a software failure incident due to a bug in its API that allowed third-party app developers to access user data without proper authorization. This bug was introduced in a software update on November 7, affecting 52.5 million accounts [Article 78775]. - The incident involved exposing user data such as names, email addresses, occupations, and ages, even if accounts were set to private. Google discovered this flaw through routine testing and promptly fixed it by November 13 [Article 78910]. (b) The software failure incident related to the operation phase: - Google's Google+ software failure incident occurred due to a bug in the API that allowed third-party developers to access user data, potentially affecting up to 500,000 users. The bug was discovered in March but was not disclosed to users until later [Article 76416]. - The decision not to disclose the security issue was made by Google's "Privacy & Data Protection Office," which determined that there was no evidence of misuse and that the thresholds for public disclosure were not met [Article 76416]. |
| Boundary (Internal/External) | within_system, outside_system | (a) The software failure incident related to the Google+ data exposure can be categorized as both within_system and outside_system. Within_system: - The incident was caused by a bug in the Google+ API that allowed third-party developers to access user data [Article 76484]. - Google discovered the bug through routine testing by its staff [Article 78910]. - The bug was introduced to the network in November [Article 78910]. Outside_system: - The bug in the Google+ API exposed user data to external developers [Article 76968]. - The bug potentially exposed user data, including names, email addresses, occupations, genders, and ages, to third-party developers [Article 76968]. - The incident led to investigations by U.S. states and European Union member states to understand the nature and cause of the intrusion [Article 76968]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software failure incident in Google+ was due to a bug in the API that allowed third-party app developers to access user data without proper authorization [Article 76484]. - Google discovered a flaw in the Google+ API that exposed user data from 52.5 million accounts, which was introduced in a software update in November [Article 78910]. (b) The software failure incident occurring due to human actions: - Google decided not to disclose the security issue related to the data leak in Google+ in March, fearing regulatory scrutiny and public relations issues [Article 76416]. - Internal memos suggested that Google initially chose not to inform the public about the issue, which raised concerns in the cybersecurity community [Article 76416]. - Google faced criticism for not disclosing the vulnerability earlier, similar to the situation Facebook faced with the Cambridge Analytica scandal [Article 76416]. - Google's decision not to disclose the security issue was influenced by considerations about how it would look to regulators and the potential consequences of disclosure [Article 76484]. |
| Dimension (Hardware/Software) | software | (a) The articles do not mention any hardware-related issues contributing to the software failure incidents reported. (b) The software failure incidents reported in the articles were primarily due to software-related factors. Specifically, the incidents were caused by bugs in the Google+ software that led to the exposure of user data to third parties. The bugs in the Google+ API allowed third-party developers to access user data without proper authorization, affecting a significant number of users [76533, 76416, 76484, 78910, 78775]. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident related to the exposure of user data on Google+ was non-malicious. The incident was caused by a bug in the software that allowed third-party developers to access user data without their consent. Google discovered the bug during routine testing and promptly fixed it [Article 76484]. The company stated that there was no evidence of any developer being aware of the bug or misusing the data [Article 76484]. Additionally, Google mentioned that the bug was not exploited by bad actors [Article 78910]. (b) The decision not to disclose the security issue immediately was due to concerns about regulatory scrutiny and potential public relations issues, rather than malicious intent. Google opted not to disclose the data leak initially to avoid public backlash and regulatory attention [Article 76484]. The company's legal and policy staff prepared a memo warning of potential embarrassment and regulatory scrutiny if the issue was made public [Article 76484]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) poor_decisions: The software failure incident related to Google+ can be attributed to poor decisions made by Google. The company knew about the security vulnerability in March but chose not to disclose it to the public, fearing regulatory scrutiny and potential embarrassment [Article 76416]. This decision to stay quiet despite knowing about the issue earlier led to criticism and raised concerns in the cybersecurity community [Article 76416]. Additionally, Google's decision not to disclose the data leak was seen as an attempt to avoid public relations issues and potential regulatory enforcement [Article 76484]. (b) accidental_decisions: There is no specific information in the articles indicating that the software failure incident was due to accidental decisions or unintended mistakes. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) development_incompetence: - The software failure incident related to Google+ was due to a bug in its API that allowed third-party developers to access user data improperly. This bug was introduced in a software update on November 7 [Article 78775]. - Google discovered a bug in the API for Google+ that allowed third-party app developers to access user data without proper authorization [Article 76484]. - Google found another bug in Google+ that exposed user data from 52.5 million accounts, affecting names, email addresses, occupations, and ages. This bug was introduced to the network in November [Article 78910]. (b) accidental: - Google stated that the bug in Google+ was not exploited by any developer or misused, and there was no evidence of the data being compromised by a third party [Article 78775]. - Google mentioned that the bug in the API for Google+ was not operating as intended, and they promptly fixed the bug once discovered [Article 78775]. - Google found the flaw in the API for Google+ through routine testing by its staff, indicating that the exposure was accidental and not intentional [Article 78910]. |
| Duration | permanent | (a) The software failure incident related to Google+ can be considered as a permanent failure. The incident involved multiple bugs and vulnerabilities that exposed user data over a period of time. The first bug, affecting 500,000 users, was discovered in March and the second bug, affecting 52.5 million accounts, was introduced in November [Article 76533], [Article 76416], [Article 78910], [Article 78775]. The decision to shut down Google+ was made after these incidents, indicating that the software failure was not due to isolated circumstances but rather due to systemic issues within the platform. |
| Behaviour | crash, omission, value, other | (a) crash: The software failure incident related to Google+ can be categorized as a crash. The incident involved a bug in the software that allowed user data to be exposed, leading to the decision to shut down Google+ for consumers ([76533], [76416], [76484], [78910], [78775]). (b) omission: The software failure incident can also be categorized as an omission. Google did not disclose the security issue when it was initially found in March, omitting to inform users about the potential data exposure ([76416], [76484], [78910], [78775]). (c) timing: The software failure incident does not align with a timing failure as the issue was related to data exposure and not about the system performing its functions too late or too early ([76533], [76416], [76484], [78910], [78775]). (d) value: The software failure incident can be categorized as a value failure. The bug in the software led to the incorrect exposure of user data to third-party developers, indicating a failure in performing its intended functions correctly ([76533], [76416], [76484], [78910], [78775]). (e) byzantine: The software failure incident does not align with a byzantine failure as there were no indications of inconsistent responses or interactions in the articles ([76533], [76416], [76484], [78910], [78775]). (f) other: The software failure incident can be categorized as a failure due to a bug in the API for Google+ that allowed third-party app developers to access user data, which is not explicitly covered in the options provided ([76484], [78910], [78775]). |
| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property | (d) property: People's material goods, money, or data was impacted due to the software failure The software failure incident involving Google+ exposed private user data, including names, email addresses, occupations, genders, and ages, to third-party developers. This exposure affected up to 500,000 users initially [Article 76533]. Additionally, a second bug in a Google+ API exposed user data from 52.5 million accounts, allowing improper access to user data for six days [Article 78775]. The exposed data did not include financial data, passwords, or other sensitive identifiers like Social Security numbers, but it did include profile data that users had not made public [Article 78775]. |
| Domain | information | (a) The failed system in question is related to the information industry, specifically social networking platforms like Google+ that involve the production and distribution of information [76533, 76416, 76484, 78910, 78775]. |
Article ID: 76533
Article ID: 76416
Article ID: 76484
Article ID: 78910
Article ID: 76968
Article ID: 78775