This was sent amongst the letters from utilities, private mail and of course, all the spam. Nearly missed it, nearly turfed it in the bin but thought I’d just read this one:
Dear Google User,
We are writing to inform you of a technical issue caused by a software update, which affected Google+ APIs (Application Programming Interfaces) between November 7th, 2018 PT and November 13th, 2018 PT when the issue was fixed. We have determined that the impact of this technical issue was limited to Google+ APIs that return profile information about users and resulted in two potential unintended effects:
- If you granted an app permission to view your profile information, such as name, email address, occupation, the app inadvertently was able to request and view more profile fields than you granted the app permission to view.
- If a person with whom you had shared profile information granted an app permission to view your public profile fields, that app was able to request and view your public profile fields, as intended, but inadvertently was also able to request and view any profile fields you had shared with that person, including profile fields that you had shared with that person but not shared publicly.
This issue was limited to profile fields and did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
The issue was detected by our automated testing and fixed on November 13th 2018 PT. We have no evidence that the app developers who inadvertently had this access for six days were aware of it or misused it in any way.
For your information, we are attaching a list of the affected fields and the corresponding app names (where available).
Inadvertently, eh? Well that’s OK then.