Google discovered a software bug that gave third-party developers access to the private profile data of users of its Google+ social network. In response, Google will shut down the consumer functionality of the service over the next ten months. The Wall Street Journal reports that Google didn't disclose the breach when it first discovered it in March to avoid regulatory scrutiny and reputational damage.
The possibly exposed data included the names, email addresses, birth dates, profile photos, and gender of up to 500,00 Google+ accounts, though not any information related to personal communication or phone numbers. Google says that 438 apps may have used the application programming interface, or API, that made the private data available, but that it found no evidence that any developers misused the information.
Google did not initially disclose the Google+ security breach when it first discovered it this spring because it feared regulatory scrutiny and reputational damage, according to a Wall Street Journal report citing documents and people briefed on the incident. A memo prepared by Google's legal and policy staff and seen by the Journal allegedly warned senior executives that news of the breach would cause "immediate regulatory interest" and draw comparisons to Facebook's Cambridge Analytica data scandal.
It's been a rocky summer for big tech: In the past year, Google, Facebook, Twitter, and other technology companies have all testified before various Congressional and Senate committees about their data and privacy practices, the risk of election meddling, and their possible conservative bias, among other topics.
Google says that it determines when to notify users about privacy and security bugs based on the type of data involved, whether it can accurately identify who to inform, whether there is evidence of misuse, and whether there is any action that a user can take in response, and that based on that criteria it didn't immediately alert users of the Google+ bug.
In response to the breach, Google plans to shut down all consumer functionality of Google+ over the next ten months, although it will maintain the enterprise version used by its G Suite business customers. Since the social network first launched in 2011, it failed to gain popular appeal and was broken up into separate products in 2015. The blog post states that the consumer version currently has low usage and engagement and that 90 percent of user sessions last less than five seconds.