張貼日期:2018/12/24
主旨:轉知 G Suite team 通知其 Google+ API 的重要資訊,詳說明。
說明:
計算機與通訊中心
網路系統組 敬啟
Dear G Suite Administrator, We are writing to follow-up on our email from December 10th 2018 PT, regarding a technical issue caused by a software update which affected Google+ APIs between November 7th, 2018 PT and November 13th, 2018 PT. During this time period, third party applications to which a user granted access may have had access to more Google user profile data than intended. We have determined that impact was limited to Google+ APIs that return profile information. This resulted in two potential issues: Apps that requested permission to view user profile information, such as their name, email address, occupation, age were granted permission to view profile information about that user, even when it was set to not-public. Apps with access to a user's profile information also had access to profile information that had been shared with the app user, including profile fields that were not shared publicly. In both cases, this data was limited to profile fields. The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft. In our prior communication, we alerted you that some of your users may have been impacted by this issue. After further analysis, we have identified 19 of the users in your domain(s) experienced the issue. We are attaching the list of impacted users, the apps that had unintended access (if available), and corresponding affected fields. Please note that this issue was referenced in the Google+ blog post dated December 10th, 2018. We appreciate your business and sincerely apologize for any inconvenience this may have caused. If you have any questions, please contact Google Support and reference issue number 120744624. Sincerely, The G Suite Team
G Suite 管理員,您好: 謹此通知您,由於軟體更新造成一項技術性問題,因此 Google+ API 在 2018 年 11 月 7 日至 13 日 (太平洋時間) 之間受到影響。在這段期間內,第三方應用程式可能取得了比使用者預期更多的 Google+ 資料。我們將持續調查這項問題,目前已確定 people.get API 受到影響,導致以下兩項潛在問題: 如果應用程式曾要求權限,以檢視使用者加入 Google+ 個人資料中的個人資訊 (例如使用者名稱、電子郵件地址、職業、年齡等,完整清單請見這個網頁),這些應用程式可能已獲得檢視使用者個人資訊的權限,包括設為非公開的資訊。 具備使用者 Google+ 個人資料存取權的應用程式也能夠存取其他 Google+ 使用者與該使用者共用的個人資料,包括未公開分享的資料。 在這兩種情況中,第三方應用程式可存取的資料都僅限於 Google+ 個人資料欄位。這項錯誤並未授權開發人員存取其他資訊,例如財務資料、身分證號碼、密碼,或是容易用於詐欺或盜用身分的資料。 這個問題是由我們的自動化測試工具偵測發現,並已於 2018 年 11 月 13 日 (太平洋時間) 修正。我們並無證據顯示在這六天內無意中取得資料存取權的開發人員曾以任何方式濫用相關資料。 您網域中有 20 位使用者受到這個問題影響,我們將於近期內傳送後續追蹤電子郵件,並提供受影響的使用者帳戶名稱。 如需詳情,請參閱 2018 年 12 月 10 日發佈的 Google+ 網誌文章。 我們非常重視貴公司與您的業務,這項問題造成不便之處,敬請見諒。如果有任何問題,請與 Google 支援小組聯絡,聯絡時請附上問題編號 120744624。 祝一切順心! G Suite 小組敬上