Skip to content

Google Data Breaches: Timeline Upto April 2023

google data breaches with timeline

Google is one of the largest technology companies in the world which has experienced a number of data breaches over the years. These breaches have affected millions of users and have highlighted the need for companies to take data security seriously.

Google has been targeted by hackers who have stolen user data, including login credentials, email addresses, and other sensitive information.

The data breaches have underscored the importance of data security and the need for companies to be transparent about breaches and take swift action to address them.

As more and more data is collected and stored online, the risks associated with data breaches continue to grow, making it essential for companies to prioritize data protection and invest in robust security measures. Below is the list of all data breaches of Google.

January 2023 – Google Data Breach

Early in January of 2023, a cybercriminal obtained confidential information on more than 37 million T-Mobile clients, such as phone numbers, addresses, and other data.

Subsequently, Google cautioned Google Fi subscribers that some of their data were related to security violations.

Google, in this instance, was not directly hacked, and apart from Google Fi customers’ data linked to the T-Mobile breach, none of its other services were impacted by this attack.

December 2018 – Google Data Breach

In 2018, Google+ experienced a major security breach for the second time that year, which occurred due to an API bug introduced in a November update. This exposed data belonging to 52.5 million Google+ accounts.

Google acted quickly to fix the bug within six days, and as a result, decided to accelerate Google+’s shutdown date from August 2019 to April 2019.

It’s worth noting that Google had already decided to terminate Google+ following an earlier data breach that was made public in 2018.

March 2018 – Google Data Breach

A bug in Google+ was detected by Google in March 2018, which allowed third-party developers to access the private data of Google+ users from 2015 until March 2018. Although the issue was fixed quickly, Google chose not to disclose the breach to affected users or the public.

According to an internal memo, revealing the leak would have attracted unwanted attention to Google, potentially overshadowing Facebook during the Cambridge Analytica scandal.

The information about the breach was not made public until October 2018 when the Wall Street Journal reported it. Following the publication of the story, Google disclosed that it had plans to terminate Google+ in August 2019.

However, a subsequent breach of Google+ occurred in December 2018, causing Google to advance the shutdown date to April 2019.

November 2016 – Google Data Breach

Checkpoint, a cybersecurity company, found malware called Gooligan in November 2016, which was infecting 13,000 devices each day. The malware seemed to have entered the devices through a mix of third-party app store downloads and phishing.

To ensure security, I recommend avoiding third-party app stores and understanding how to recognize and evade phishing attacks because no device is completely immune to malware.

September 2015 – Google Data Breach

Checkpoint researchers found out in September 2015 that BrainTest, an application available on the Google Play Store, was infecting Android devices with stubborn and difficult-to-eliminate malware.

Despite using obfuscation methods to deceive Google Bouncer, the app developers were able to get the app listed on Google’s app storefront. After being identified, the app was removed by Google.

September 2014 – Google Data Breach

In September 2014, around 5 million Gmail addresses and passwords were made public online, although the source of the information was not immediately apparent.

Despite Google’s assertion that their systems had not been breached, the incident was significant, and the company responded promptly by mandating password resets for affected accounts.

There is a possibility that the information that was leaked could be a compilation of email login details from various incidents that did not have any direct link with Google. The leaked data consisted of both obsolete and current credentials.

Regardless, it is always recommended to enable two-factor authentication to enhance the security of your accounts and make them more difficult to breach.

June To December 2009 – Google Data Breach

Back in 2009, Google and other notable American corporations like Yahoo and Dow Chemical were infiltrated by a team of hackers believed to be affiliated with the Chinese government. The attack was reportedly initiated through a sequence of targeted spear phishing attempts.

Google stated in a blog post in January 2010 that the objective of the attack appeared to be to obtain data on Chinese human rights activists.

According to The Washington Post, the Chinese hackers were also collecting information on U.S. law enforcement’s monitoring of Chinese intelligence operatives within the United States. There is no evidence of any previous incidents of data breaches involving Google.

Timeline For Google Privacy Breaches

Google has faced criticism and scrutiny over the years for user privacy breaches. Some of the most notable violations include Google’s use of personal data without explicit consent, its tracking of users’ online activity without permission, and its compliance with government surveillance programs.

Google has also been accused of anti-competitive behavior, such as favoring its own products in search results.

These violations have led to regulatory investigations, fines, and legal challenges. Despite these challenges, Google remains a dominant force in the tech industry and continues to be a major player in shaping the future of the internet.

July 2020 – Google Privacy Breach

An Australian watchdog accused Google of misleading millions of Australian users regarding the use and collection of their private data, although it was not technically considered a breach.

According to the allegations, Google began combining user information from Google accounts with non-Google sites that relied on Google technologies to display ads, starting in 2016.

The watchdog accused Google of a privacy violation for merging information without users’ direct consent, but Google refuted the claim, asserting that they did obtain explicit consent.

April 2020 – Google Privacy Breach

Google was alleged to have gathered internet browsing information from individuals utilizing “private” or “incognito” browsing modes in a legal case.

According to the lawsuit, despite Google’s claim of informing users about data collection while using alternative browsing options, the company failed to adequately disclose the tracking tools that could continue to collect their activity data.

The lawsuit also raises concerns about the storage of data related to incognito mode activities.

The proposed group of individuals involved in the lawsuit could consist of millions of users, encompassing essentially anyone who has used the incognito mode since June 1, 2016.

September 2019 – Google Privacy Breach

Google was accused of violating child privacy laws related to data collection on minors, and as a result, the tech company has agreed to pay a $170 million fine.

The case revolved around the company’s failure to acquire parental consent before collecting data on children who are under 13 years old.

The primary concern was related to the information obtained from users of YouTube Kids, a section of YouTube that focuses on age-appropriate content for children, and allegations were made that this data was shared with external parties.

August 2018 – Google Privacy Breach

Despite Google’s claim that disabling a user’s “location history” would halt the generation of location-based records, this statement was not entirely accurate.

Even after users modified their privacy settings to stop location tracking, the information was still retained in the “web and app activity” category.

Disabling the location history feature only halted the storage of certain types of movement information in the user’s timeline by Google.

Nonetheless, it didn’t impede the gathering of location data when the user utilized weather applications, performed online searches (including non-location-specific or non-location-dependent ones), or completed various other tasks.

In order to prevent this, users were required to turn off tracking for “web and app activity,” despite the fact that this privacy section didn’t mention anything about location data.

Although it wasn’t technically a breach, it was widely viewed as a major infringement of privacy. Ultimately, as many as 2 billion users could have been affected.

Kevin James

Kevin James

I'm Kevin James, and I'm passionate about writing on Security and cybersecurity topics. Here, I'd like to share a bit more about myself. I hold a Bachelor of Science in Cybersecurity from Utica College, New York, which has been the foundation of my career in cybersecurity. As a writer, I have the privilege of sharing my insights and knowledge on a wide range of cybersecurity topics. You'll find my articles here at, covering the latest trends, threats, and solutions in the field.