Google Data Breaches: Full Timeline Through 2023

In January 2023, some data pertaining to Google Fi customers was compromised in a breach of T-Mobile. Otherwise, the most recent Google data breach occurred in December 2018, when a bug exposed the data of 52.5 million Google+ users.

Below, we’ll go into detail on the full history of Google breaches, starting with the most recent.

January 2023: Google Fi Customer Data Stolen in T-Mobile Breach

In early January, a hacker stole customer data on over 37 million T-Mobile customers, including phone numbers, addresses, and more. Later in the month, Google notified Google Fi customers that some of their data was implicated in the breach.

In this case, Google itself was not hacked. Aside from the Google Fi customer data included in the T-Mobile breach, other Google services were in no way affected by this attack.

December 2018: Google+ Bug Exposes 52.5 Million Users’ Data

Google+ faced its second big breach of 2018 when a November update created an API bug that exposed data from 52.5 million Google+ accounts. Google fixed the bug within six days, and moved up Google+’s burial date from August to April 2019.

Google originally decided to terminate Google+ after another breach became public earlier in 2018 – read on.

March 2018: Google+ Bug Exposes 500,000 Users’ Data

In March 2018, Google discovered a bug in Google+. From 2015 until March 2018, third-party developers were able to access Google+ users’ private data.

When Google discovered the issue, it promptly fixed it – but declined to tell affected users or inform the public. An internal memo noted that revealing the leak would put Google “into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal.”

News of the breach only came to light when the Wall Street Journal reported on it in October, 2018. After the story broke, Google announced that it would shut down Google+ in August 2019. But when another breach hit Google+ in December 2018, Google moved its sunset up to April 2019.

November 2016: Gooligan Malware Compromises 1 Million Android Devices

In November 2016, cybersecurity company Checkpoint discovered a malware called Gooligan that at the time was infecting 13,000 devices every day. This app appears to have penetrated devices through a combination of phishing and third-party app store downloads.

No device is perfectly immune to malware. For the sake of security, I would strongly advise steering clear of third-party app stores and learning how to identify and avoid phishing attacks.

September 2015: BrainTest Malware Infects Up to 1 Million Android Devices

In September 2015, Checkpoint researchers discovered that an app called BrainTest was infecting Android devices with a pernicious, hard-to-remove malware. In this case, the app was listed on the Google Play Store. Through obfuscation techniques, these app developers were able to deceive Google Bouncer and land on Google’s app storefront. Upon discovery, Google removed the app in question.

September 2014: Nearly 5 Million Gmail Passwords Leaked Online

While it wasn’t immediately clear how the information was obtained, in September 2014, almost 5 million Gmail addresses and passwords were published online. While Google claimed that their systems weren’t compromised, and the company took relatively swift action, requiring password resets for impacted accounts, it was a major event overall.

It is possible that the leaked information was actually a collection of email credentials from different incidents not directly involving Google. Some of the compromised data seemed to be incredibly outdated, while other credentials appeared current. In any case, it’s never a bad idea to set up two-factor authentication to make your accounts that much harder to crack.

June – December 2009: Chinese Hackers Breach Google Servers

In 2009, a group of hackers working for the Chinese government penetrated the servers of Google and other prominent American companies, such as Yahoo and Dow Chemical. The breach seems to have originated through a series of spear phishing attacks.

In a January 2010 blog post, Google indicated that the goal of the attack seems to have been to dig up information on Chinese human rights activists. The Washington Post found that the Chinese hackers were also pulling information on U.S. law enforcement surveillance of Chinese intelligence operatives in the United States.

We did not find any earlier records of data breaches involving Google.

Google Privacy Violations Over the Years

Alongside the data breaches listed above, Google has frequently been accused of violating users’ privacy. Below are some of the notable accusations and fines leveled against Google.

July 2020: Google Accused of Misleading Millions of Users About Privacy

While not technically a breach, Google was accused by an Australian watchdog of misleading millions of Australian users about the use and collection of their private data. The watchdog alleges that starting in 2016, Google began combining Google account user information with activity from non-Google sites that relied on Google technologies for the purpose of displaying ads.

Since the information was combined without direct consent from users, the watchdog labeled the move a privacy violation. However, Google disagreed, stating that they did acquire explicit consent.

April 2020: Google Faces $5 Billion Lawsuit for Tracking “Private” Browsing

In a lawsuit, Google was accused of collecting internet browsing activity on users who were making use of “private” browsing modes, also called “incognito” browsing.

While Google states that it informs users that some data may be collected when using these alternative browsing options, the lawsuit alleges that Google didn’t appropriately inform users about the tracking tools that could still harvest their activity data. Additionally, the lawsuit also brings up issues of stored data involving incognito mode activities.

The proposed class for the lawsuit could including millions of users, essentially covering anyone who used the incognito mode since June 1, 2016.

September 2019: Google Received $170 Million Fine for Child Data Privacy Breaches

After accusations that Google failed to follow certain child privacy laws regarding the collection of data on children, the tech giant agreed to pay a $170 million fine. The massive child privacy case focused on failing to obtain consent from parents before collecting data on children under 13 years of age.

The main issue involved data collected by viewers using YouTube Kids, a section of YouTube dedicated to child-friendly programming. There were also accusations that the collected data was shared with third parties.

August 2018: Google Tracking Location Data on 2 Billion Users, Sometimes Without Permission

While Google stated that pausing a user’s “location history” would prevent the creation of location-oriented records, that wasn’t exactly true. Even when users adjusted their privacy preferences to turn off location tracking, that data was still being stored in the “web and app activity” section.

Turning off the location history only stopped Google from storing specific kinds movement data on the user’s timeline. However, it didn’t prevent location data collection when users took advantage of weather apps, conducted online searches (including those that weren’t location-specific or location-dependent), and a variety of other tasks. For that, users had to turn off “web and app activity” tracking, even though that privacy section said nothing about location data.

While not a breach, many considered it a significant privacy violation. In the end, up to 2 billion users may have been impacted.

About the Author

Find Michael on LinkedIn

Michael X. Heiligenstein

Michael X. Heiligenstein is the founder and editor-in-chief of the Firewall Times. He has six years of experience in online publishing and marketing. Before founding the Firewall Times, he was Vice President of SEO at Fit Small Business, a website devoted to helping small business owners. He graduated from the University of Virginia with a degree in English and History.

11 thoughts on “Google Data Breaches: Full Timeline Through 2023”

  1. China has a new supercomputer, they have been trying it out it attack your firewalls, Your Tech. will have a close watch, is an attack they built a new supercomputer they have to pay a good price for CPU , Ransomware is how they pay for the CPU

  2. Better catch up as of this writing,May 5th 2022. 3 billion people have had their passwords to various accounts stolen via a Google chrome data breach. I being one.

  3. I’m constantly being sent text and emails thru an Google Drive in regards to Bitcoin from various email addresses or people who refuses to stop sending it after blocking, reporting and begging not to, it still goes on daily thru out the day. So annoying

  4. I have dedicated my time to do these although am not supposed to be doing but the laudable job Henry did for me worth more than what i paid for,l have never dream of getting my husband phone call details and receiving his whatsapp and text messages(not even anytime soon).The day i started receiving all his messages that was the day l promised to come back to where l saw recommendation about him and join the good people to spread and share my experience. Married women pls contact him via email: and you can text, call him on whatsapp him on +12014305865, or +17736092741, and be saved from the bondage subjected by those selfish men.

  5. I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, and you can text, call him on whatsapp him on +12014305865, or +17736092741..

  6. Spyware Cyber did a fantastic job on my grade report for school, and I sincerely appreciate it. For quite some time, I had been struggling with low grades. Every method of deception I had tried had failed, they were all incapable. I registered with various hacking firms, and they were able to raise my school grade. After getting in touch and launching the procedure, I retrieved my grade exactly three days later as directed. Think about how shocked I was to learn my new grade. Connect with Spyware Cyber if you need to improve your academic performance.

    WhatsApp +19892640381.

  7. I’m recommending one of the best and most reliable cryptocurrency recovery services, Cyberwallfire Recovery Team ( Cyberwallfire@techie. com )
    I lost my hard-earned money on a fake website claiming high returns on my investment after I had invested through crypto within the space of a month. I couldn’t gain access to my capital and profits.
    After many days of searching and looking for a way to recover my money, a colleague at work told me about the Cyberwallfire recovery team, I was skeptical about it but I had to give it a try and to my surprise, all my money was recovered in 72 hours. I’m more than happy with the service of Cyberwallfire in helping me recover my money. Their contact information is ( cyberwallfire@techie. com )

  8. Cybercriminals take advantage of the low understanding surrounding digital assets to attract potential investors and make off with their money. They promise high returns on investments, with little-to-no risk. GearHead Engineers, a group of white hackers who use their tactics to help victims back on their feet by tracking and recovering funds stolen by cybercriminals. Email


Leave a Comment