Google announced that it will be shutting down consumer use of the long-ailing social platform Google+ after it was revealed that a security bug dating back more than six months was not disclosed by the company.
According to the Wall Street Journal, Google may have opted not to disclose the bug at least in part to avoid regulatory scrutiny, though the platform, originally launched to compete against Facebook, has had lackluster adoption among users and may well have been slated for the digital dust heap long before the security issue came to the notice of Google.
Google announced Monday that it had discovered and immediately patched a bug in March 2018 that affected about a half million users, but found no evidence that the bug had been exploited.
“We ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”
The blog also said that because Google only stores API information for a short window of time, it is impossible to say which 500,000 Google+ users may have been affected.
According to Google, at issue were “static, optional Google+ Profile fields including name, email address, occupation, gender and age.” In other words, content that is often public-facing on social media sites. That said, developers in theory could have accessed data intended to be private such as a user’s date of birth. Had the discovery occurred after the GDPR went into effect in May, it is possible the matter may have been more problematic for Google.
Read more here.