Following a massive data breach first reported on by The Wall Street Journal, Google announced today that it is shutting down its social network Google+ for consumers.
According to the Wall Street Journal’s sources as well as documents reviewed by the publication, a software vulnerability gave outside developers access to private Google+ user data between 2015 and 2018. And an internal memo noted that while there wasn’t any evidence of misuse on behalf of developers, there wasn’t a way to know for sure whether any misuse took place. Google said that it also found no evidence that any of the developers behind the 438 applications that used the API in question were aware of the bug.
Though Google allows developers to collect Google+ profile information when granted access by users, a bug gave developers access to the profile data of friends of those users as well, regardless of whether those friends had chosen to share that information publicly. It included static data fields such as name, email, occupation, gender and age. It did not include information from Google+ posts. The bug was patched in March 2018, but Google didn’t inform users at that point. “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks,” the company said in a blog post. “That means we cannot confirm which users were impacted by this bug.”