The Google+ social network inadvertently gave app developers access to information on some 52.5 million users — even data that users designated as private — because of a “bug” in its software, Google says. The company had already announced it was pulling the plug on the social network because of an earlier incident, and now says the shutdown will happen four months sooner.
Users’ name, birth date, email address, work history and other information were exposed for nearly a week in November, Google says in a blog post about the privacy flaw.
Google announced in October that it was closing the consumer version of Google+ because of a vulnerability that left nearly 500,000 accounts exposed reportedly from 2015 to March 2018, as well as the fact that it had failed to catch on.
There was no evidence that data was misused in either incident, Google says.
“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” Google says about the November problem.
The company adds that the November vulnerability did not expose passwords, financial information, ID numbers and other data often used for identity theft.
The flaw was in a software update to a Google+ API — or application programming interface — a widely used method for integrating users’ data and profile information into apps and devices. The company says it found the problem during a routine review and fixed it. That update took place in November.
Google+ was set to be shut down in August 2019, but Google has moved up its “sunset date” to April 2019. In addition, all of the social network’s APIs will be shut down “within the next 90 days,” Google says.
As part of that plan, Google says it wants to give users time to move to a different platform and promises to give users “ways they can safely and securely download and migrate their data.”
To some, the most surprising thing about the Google+ shutdown was the fact that the network was still up and running, after being introduced in 2011. Although the consumer version of the social network is going away, Google will continue to offer it to businesses. Both consumers and “enterprise customers” were affected by the recent privacy flaw, Google says.
For anyone who wants to leave the service early, the company has also posted a guide titled, “Delete your Google+ profile.”