Limit The Number Of Open Accounts To Limit Work-Related Cyber Exposure

February 4, 2021

Google, LLC will pay $7,500,000 to settle a class action lawsuit over allegations of exposing user data to third parties.

In October and December 2018, Google acknowledged that its Google+ media platform contained software bugs that could potentially expose user data to unauthorized third parties.

Although the number of users affected by the first bug is unknown, the number of users in the U.S. who could have had their account settings exposed by the second bug is estimated to be 10 million.

According to the plaintiffs' motion filed in support of the settlement, user profile information that could have been compromised includes usernames, genders, email addresses, occupations, and places lived. However, the motion noted that there was no evidence that the data had been accessed.

The class action lawsuit was filed in October 2018. Google shut down Google+ in April 2019.

Per the terms of the settlement, each claimant will receive a cash payment of between $5 and $12, depending on the availability of funds. The attorneys will receive up to $1,875,000 plus $200,000 for additional costs. Judy Greenwald "$7.5M settlement reached in Google+ class action suit" businessinsurance.com (Jan. 08, 2020).

Commentary

A simple truth is that the more accounts an employee has, the more likely they are vulnerable. To limit exposure related to work, employers should stress that employees should limit their work-related accounts.

Social media accounts present a unique vulnerability. Employees should avoid accessing personal social media accounts via work devices or networks.                  

If accessing social media is part of an employee’s job, they should create an account on social media sites with a reputation for protecting personally identifiable data.

If accounts exist for business (or personal) that are not used, now is a good time to delete those accounts.

The same holds true for vendor accounts. If employees registered with a vendor and no longer use that vendor, now is a good time to close that account.

Finally, your opinion is important to us. Please complete the opinion survey:

News

Credential Stuffing Attacks: What Types Of Organizations Are The Most Vulnerable?

A British institution falls victim to a credential stuffing system attack, shutting down its mobile access. Read about this cyber threat and how to protect your system. Read More

Microsoft Exchange Hack: Update Needed ASAP

Patches often fix vulnerabilities that cybercriminals are exploiting. Read why automatic updates are important, especially after the Exchange hack by a foreign agent. Read More

Malware Rarely Announces Itself But Waits In The Shadows

A newly identified malware on Mac computers that seems active, has yet to execute a payload. Security experts are baffled. Understanding current threats is a key defense. Read More