Google Data Breaches History & Full Timeline

Google Data Breaches History & Full Timeline Up to 2024

Published on: July 3, 2023
Last Updated: July 3, 2023

Google Data Breaches History & Full Timeline Up to 2024

Published on: July 3, 2023
Last Updated: July 3, 2023

There have been plenty of Google data breaches.

This is what happens when you fail to keep up with the evolving technological needs, and hackers could crack through any loophole.

It was definitely not easy for the Giant to admit that it had a leak of its user’s very confidential data.

This sort of thing can cause havoc in the world because the tech giant possesses information of millions of people.

Nearly more than half of the planet uses google for some reason or the other and confides in the platform to keep their data safe and secure.

Hence how could something of such magnitude happen in the first place?

Despite the leak, Google kept it very hush on many occasions; it did not divulge in detail about the possible damage that had been done.

No one knew at first the real extent of the leak and how long it would take to fix the matter.

People wondered whether their information was safe due to the Google data breach or was it in danger?

The Giant refused to reveal the details because it feared backlash from the masses.

What Really Happened?

In the world of technology, where data is constantly being transmitted, fearing data leaks is not at the top of our minds.

But when it happens, it is the only thing we think about.

In march 2015 to march 2018, suspicious activities were happening at Google without the tech giant knowing.

External tech developers would be able to gain access to Google + Profile information due to the software’s loose ends; hence, anyone who knows their way around technology can easily access through some of the weaker cracks in the software; and that is exactly what happened.

Google was aware of what was happening after some point and was aware of the Google data leak, but it knew that if the news broke out, the world would fall flat.

Hence, to protect their reputation, they rotated an internal memo that warned employees to refrain from speaking about the said breach to the public, which would give rise to a regulatory interest and eventually lead Google to be compared to Facebook.


When users use Google, they can give access rights to their profile data to Google and the apps through API.

The big bug in the system was that the apps would give access to profile fields that were shared with users, but they were not marked as public information.

Google, in their defense, reiterated that the said data was limited to “static, optional Google + Profile fields,” including users’ personal details such as name, email address, date of birth, gender, and job nature.

They also added that the fields did not show any google related information that was truly personal to a user such as personal data, like messages, posts, phone numbers, passwords, G Suite content, etc.

The Affected Profiles

At first, it was not so certain who really was impacted by the data breach as the tech giant kept it hush, but the industry was shaken by the news, and users were distraught.

An API log is only stored for up to 2 weeks; hence the giant confessed that there is no way to confirm how many users were affected because of the bug.

However, the company ensured they carried out a comprehensive data analysis to figure out how much the damage was.

Hence, over two weeks before trying to fix the system error, Google stated that perhaps over 500,000 Google profiles were affected.

Furthermore, Google also stated that it was not aware of whether any third-party developer was aware of such a crack in the system and claimed that they did not find any evidence that the data was misused.

Google Data Breaches History & Full Timeline Up to 2024

We can easily say that 2015 to 2018 was a rollercoaster ride for the tech giant as it had errors in the system that made millions of people very vulnerable.

The most recent Google data breach happened in 2018 when an error exposed many users’ confidential information.

Perhaps this was one of the largest breaches ever recorded by the tech giant, wherein about 52.5 million Google users were affected.

On top of this, it happened when Google was already going through a critical time as it had already been battling a data breach two months prior to the 2018 breach.

Hence due to these breaches, Google took a defensive measure and shut down its Google+ at the beginning of April 2019.

So far, Google is on a smooth trail and has conquered many of its obstacles; hence, in 2022, we don’t hear any news of any new data breaches.

Perhaps the Giant has tightened its security protocols; however, history has still its way of coming back.

December 2018: 52.5 Million Users’ Data Compromised Along with Google+


Google+ plus has been a problem child for Google during this timeline.

There were already speculations that Google was planning on getting rid of the division after the first data breach.

However, to the dismay of the tech giant, once again, the platform caused massive trouble.

A November update in Google+ gave birth to an API bug that was busy breaching data from 52.5 million Google+ accounts.

However, the Giant took proactive measures and ensured that the Google data leak bugs get fixed as soon as possible.

Within 6 days of the issue, the bug was fixed.

Furthermore, Google, at this stage, is already planning to bury Google+ in August 2019; however, the latest breach was a final nail in the coffin.

Google moved up the burial date for the platform and decided to put Google+ to its sweet slumber in April 2019.

March 2018: The Shock Of 500,000 User Data Breach

One of the most mind-boggling things that ever happened with Google was that the system was vulnerable to outside techies who knew how to find their way through the cracks.

This meant that developers who were not associated with Google were able to access all of Google+ users’ private and confidential data.

This bug was discovered by Google in the month of March 2018; that shook the ground.

However, the tech giant houses many brilliant technologists who took proactive measures and quickly fixed the bug, disallowing third-party developers to access confidential users’ data.

Furthermore, the Giant had also declined to talk about the subject matter and also declined full disclosure to the affected users.

Due to the reputational crisis they had in hand because of the data breach, it was important to keep things low-key.

A memo was rotated wherein Google warned not to leak the news of the data breach as this would put the Giant in a spotlight alongside Facebook since the company was already under the radar after the Cambridge Analytica scandal.

However, not much can stay hush on wall street, can it?

The news finally came to light when someone from Wall Street Journal took to the media and reported everything that had happened at Google.

The scandal was live in October 2018, and everyone was talking about it.

However, to remedy the damage, Google had to take certain measures to keep users from panicking.

They announced that they will be putting Google+ to sleep in August 2019.

However, the Giant had taken steps to bury it even earlier than their expected date, which was April 2019.

This decision resulted from another security breach in Google+ which warranted such measures.

November 2016: The Gooligan Malware Makes A Hit And Compromises Several Android Devices

The Gooligan Malware

One November evening, a cybersecurity company called Checkpoint stumbled upon another bug that was corrupting the security systems of Google.

The Googligan was a malware that infected thousands of Android devices, and it was reported that about 13,000 devices had been in jeopardy due to the data leak.

Cybersecurity investigated the cause behind such a catastrophic event: the bug penetrated the android devices due to phishing issues and third-party app downloads through the android store.

Hence this was a big eye-opener for every user out there who had their information on digital platforms such as Google.

Note that no device is completely secure from viruses or malware; hence it is important to refrain from downloading any third-party app stores.

You must ensure that you learn everything about identifying and avoiding phishing attacks to make sure that you are able to detect any kind of security breach before its too late.

September 2015: BrainTest Bug Attacks A Million Android Devices

BrainTest Bug

Something unimaginable happened in the digital world of Google Inc.

When not much was known about security systems came an unidentifiable threat that was not managed timely.

Checkpoint employees came across an app called the BrainTest that managed to disguise itself as a legit app; however, secretly, it infected millions of devices with stubborn, malicious malware.

Furthermore, this app was not a third-party app; rather, it was listed on the Google Play Store, making it seem all the more legit.

Through very complicated yet very discreet methods, the app’s developers made their way into google’s storefront.

They managed to bypass all security measures and Google Bouncers that were in place to boot out an app that was designed to corrupt the devices.

When the application was discovered by the cybersecurity agency, Google put an end to the app’s agenda and removed it from their Play Store.

September 14: 5 Million Gmail Passwords Came Under The Radar

No one knows what happened one September when most people were locked out of their devices.

The breach impacted about 5 million passwords, which means approximately 5 million people’s lives were exposed to a third party who was not supposed to have such information.

Google took swift action and ensured that everyone remained calm.

They confirmed that their systems were not compromised due to the Google password breach, and the company ensured all affected passwords were reset.

It was an event that will go down in history books as it was an event that knocked people off their chairs.

Some say that the leaked information was outdated and a collection of email credentials from times that did not involve Google.

Some data was current while others were not; hence this gives users a reason to install the two-factor authentication to ensure that their accounts remain safe and are hard to crack.

June till December 2009: When China Did Not Come Slow With Google Server Hacking

In 2009 Chinese hackers made their way inside Google’s servers; they did not just stop there but also attacked some of the leading companies like Yahoo and Dow Chemical.

The breach was disguised as spear-phishing attacks, and the hackers belonged to the Chinese government; yet another example of a Google security breach.

Google stated in one January 2010 blog post that the attack from China was targeted toward information related to Chinese human rights activists.

Furthermore, The Washington Post revealed that the Chinese hackers were also digging information regarding US laws regulating surveillance of Chinese intelligence operatives on US soil.

Google Privacy Violations Over The Years

Google Data

Even though Google came under intense scrutiny, this did not stop the Giant from coming under the radar again and again, as it was accused of data breaches and privacy violations on multiple occasions.

There are some notable offenses for which Google has been fined heavily.

July 2020: Google’s Lies About Privacy Protocols

Although technically no such breach occurred, an Australian watchdog seriously disagrees.

In July 2020, an Australian agency took to the news and shared how Google misled Australian users into giving their private data.

It was alleged that from 2016, Google had been on a spree to gather user account information from non-Google sites, which relied heavily on Google tech to display ads.

The agency exclaimed that this was another case of a data breach.

The watchdog stated that the information was obtained without the user’s consent; however, Google disagrees with that statement stating that their users explicitly consented to the same.

April 2020: When Google Was Slapped By A $5 Billion Lawsuit

This was one of the most scandalous cases in 2020 when Google was slapped with a lawsuit that claimed that Google was responsible for tracking users’ activity in incognito mode.

Google, in its defense, stated that it had informed users that not every data will be secured from being tracked in Incognito browsing.

However, the lawsuit alleged that the tech giant did not take appropriate measures to inform users that additional tracking tools could still track their activity information.

The lawsuit further added the issue regarding saved information gathered via incognito mode.

When we speak of this lawsuit, millions of users are exposed to the threat of having their activity tracked, especially those who have actively used the incognito mode since June 1,2016; yet another serious data breach.

September 2019: A $170 Million Fine On The Tech Giant Who Could Not Protect Children’s Privacy

Google was massively fined for about $170 million; as it wronged millions of parents.

Law mandated consent from parents of minors; before obtaining digital information of the child user.

Google was seriously violating the security law and had to pay out to aggrieved parents.

The issue revolved around viewers using YouTube Kids and the data collected from such usage.

Google was accused of collecting and sharing data with third parties without consent.

August 2018: Google Tracked Users Without Consent

On one eve of August 2018, 2 billion users were compromised.

If you set your settings as “off” in location history, the app would stop locating you and would stop keeping records of your location.

Only that it was not true. Even when the users kept their location track settings off, the data would still be shared in the web app and activity section.

In reality, when you turned off the location tracking, it only prevented Google from tracking a certain type of user’s movement data.

However, the settings did not prevent Google from tracking your location when checking the weather app or doing online searches unrelated to the location.

If users wanted complete privacy, they had to go to the web and app activity section to turn off location tracking.

However, this setting was not meant for location tracking; many considered it a privacy issue.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Thomas McGovern

Thomas McGovern is a highly experienced blockchain and cryptography expert with over a decade of experience in the field. He has worked on numerous projects involving blockchain technology, including the development of decentralized applications and the implementation of secure cryptographic protocols. McGovern’s expertise in this area is complemented by his academic background; he holds a master’s degree in Mathematics, with a focus on cryptography and number theory.