Google+ to shut down after breach involving 500,000 users

Adjust Comment Print

Google is closing its social network, Google Plus, following the discovery of a security breach this past spring, in which up to 500,000 customers (between 2015 and 2018) had their information exposed. According to the Journal, Google's legal team said in a memo that news of the breach would result in "immediate regulatory interest".

Upon discovering the bug, Google patched it, but opted not to disclose it to the public out of fear of regulatory pressure and unfavorable comparisons to Facebook's Cambridge Analytica privacy scandal. Google said it immediately fixed the security flaw and had not uncovered evidence that the information was mishandled by any of hundreds of third-party developers that may have had access to the user data.

While Google has faced scrutiny in recent months for allowing third-party apps to access and share data from Gmail accounts, much of the privacy uproar hitting the tech industry has focused on Facebook.

According to the company, profile information like name, email address and age from some users was available to apps, even if users had not marked it public.

In addition to "sunsetting consumer Google+", the company is making changes to APIs on its other services, which will limit the amount of access developers get to data on Android and Gmail. The company, however, can not confirm which users were affected by the bug when it was active from 2015 to 2018.

Beers and cheers as Trump, Republicans celebrate Kavanaugh's rise to Supreme Court
During the rally, the president also accused Democrats of supporting sanctuary cities and of wanting to strip funding from U.S. He flashed two thumbs up when the final vote was declared and aides on board applauded.

Apps requesting user data in SMS "only an app that you've selected as your default app for making calls or text messages will be able to make these requests".

Google plans to shutter its Google+ social network for consumers, citing its limited adoption with users. However, "We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused". The consumer version of Google+ now has low usage and engagement: "90% of Google+ user sessions are less than five seconds". Enterprise users will continue to have access to the platform for the foreseeable future - Google says the social media website is better as an enterprise product, anyway.

As part of its breach disclosure blog post, Google also announced new privacy features for Google accounts and user data. When a user granted a developer permission to their profile, any of the data related to that profile could be collected by the developer.

Google today also revealed some more steps that it's taking to help protect user data.