Way back in December, 2018 we got notification from Google about issues with the Google+ APIs that were discovered in November, 2018. We were using Google+ APIs to get your
- email address
- given name
- family name
- organisation name
when you did a Google log in. The issue was that when you logged in, we could have had access to a lot more information than you originally gave us permission to see, including information that you did not share publicly with anyone.
Technically, we never used the now discontinued plus.me scope from Google+. However, we did, and still do use userinfo.email and userinfo.profile scopes and we only coded in for the fields already shown. We’re using our Atom Project, so you can review the code in Bitbucket where we access the users APIs if you’re interested (this change will be in release atom-1.0.7, which is coming soon.)
We received a list of our affected users from Google and we have notified them of this issue.
As a result Google have shutdown Google+ for general consumer user.
We won’t be shutting down Hakase SCORM Course Builder. What we have done is modify our code to no longer use Google+ APIs to retrieve data, but use the preferred Google login method and the same userinfo.email and userinfo.profile scopes with the correct OAuth2 method calls.
What does this mean for you? You can keep using Hakase SCORM Course Builder knowing that your data is (still) safe with us.
CEO, Tetsuwan Technology
We love learning.