1(630)802-8605 Ravi.das@bn-inc.net

Well, we have ended this week of Cyber security with more or less the same kind of news as it had started.  The same thing about Russia, Facebook, China midterm election hacking, blah, blah, blah.  But there were some interesting news headlines as well, such as more arrests being, and more Cyber attackers being brought to justice and serving some pretty serious prison time.

Then there were some new stories on different malware attacks striking the financial industry, and the level to which the C-Level Execs should be held more accountable (I think that this latter one will be a top news headline for 2019).  But, there was something very unique that happened:  The shutting down of a Social Media site.

I am not talking about on a temporary basis, but rather on a permanent one.  Such is the case of Google+.  I just came across it this morning. Apparently, over the past few years, this tool has been a major victim of some rather serious Cyber-attacks.  During this time frame, the personal and confidential information of over 500,000 was leaked out to third parties, malicious or not.

More detailed information about this can be seen here, at this link:

https://www.pandasecurity.com/mediacenter/social-media/how-much-does-social-media-know-about-you/

In particular, the subscriber information/data was shared very much in the same manner as Facebook’s recent fiasco, with Cambridge Analytica.  It is not just end users here in the United States, but people all over the world whom have made use of Google+ have also been greatly impacted as well.

But the shocking thing about this is that the C-Suite knew about these Security attacks and breaches for as long as a six-month time period.

But of course, as usual, they did nothing about it to try and prevent.  Nor did they even bother to contact law enforcement or other state and federal regulators in order to report this (they are required by law to report this under any circumstance).

Of course, though, the C-Suite came out and defended themselves by stating that none of this private information and data was misused.

In an effort to protect themselves as well, the IT Security Staff, most notably that of vice president of engineering Ben Smith, stated that several software patches and upgrades were deployed to avoid any further data leakage.  He even further specified that no super sensitive information was stolen, such as that of Social Security and credit card numbers.

The parent company of Google, Alphabet (yes, I still can’t believe this is their actual name), even came out as well and made a statement that no other divisions of Google and their respective services were impacted (this includes Gmail, Docs, Drive, and Calendar).  The information and data that was heisted include the following:

*The names of the subscribers;

*Gender;

*Contact details (such as Email, phone number, etc.);

*The occupations of the subscribers;

*Their age.

My thoughts on this?

Google+ was created and launched a few years ago in an effort to take down the juggernaut created by Mark Zuckerberg.  But even given all of the capital might and resources that Google has at their disposal, they were simply not able to capture a substantial market share from Facebook.  Apart from the Security of things, this is another reason why Google+ will be shut down – very low levels of actual consumer usage.

In fact, only 10% of actual login session lasted only about five seconds!!   That is pretty bad. Google+ won’t just shut down right away, it will be phased out completely over the next ten months so that subscribers can try to salvage what they can from their personal accounts.

If you want to delete your Google+ account immediately, follow these steps:

*Click on your profile picture in your Gmail account (it should be on the upper right-hand screen of your browser);

*Go to the Google+ Profile;

*Go to Settings;

*Click on “Delete your Google+ profile.”

A long time ago, I had set up a Google+ account, but never used it. In a way, it’s sort of sad to see it go.  I wish there was some other alternative other than Facebook.  The only other social media site I make extensive use is Linked In.  At least there, you don’t have to keep reading posts about Trump, which is why I have grown to utterly despise Facebook.

But on the Security side of stuff, I still don’t get why it takes so long for the C-Suite to react to anything. Heck, if was me, and I was at that level, I would make sure that my IT Security jumped all over it.  But, in the end, they probably did not care, because it really wasn’t a huge money maker for them.

Even more surprising to me is given the levels of technological sophistication at Google, how this whole thing could have even happened.

Sure, they are just as prone to a Cyber attack as much as Facebook and Twitter are, but not to do anything for six months about it?  Once again, I just don’t get it.  Maybe I never will.  But whatever Social Media sites you make use of, make sure that there is no suspicious activity.

I know that Facebook and Twitter have some tools in them to see login and logout activity, so your best bet is to probably go into those settings and see if there are any anomalies.

If there are, your best bet of course would be to report it to the respective Social Media site, and reset your password, using a Password Manager.  And also, be very careful of the mobile apps that you use with Facebook. I have read about and even heard horrible stories of malicious apps being downloaded onto your Smartphone without you even knowing about it.