The Wall Street Journal was first to report about the Google+ data vulnerability Monday, pointing out in its report that the company chose not to disclose its findings when it first discovered and patched the bug in March.
According to The Wall Street Journal, Google had decided not to disclose the issue with its Application Program Interfaces (API) due to fears of increased regulatory scrutiny. Strobe found a sizeable flaw in Google+’ APIs, meaning that malicious apps could extract data from profiles, such as name, email addresses, occupation, gender and age.
Google said that a detailed analysis ran over two weeks prior to patching the bug revealed “the Profiles of up to 500,000 Google+ accounts” may have been potentially affected.
In a blog post, the company admitted Google+ had failed to achieve “broad consumer or developer adoption” since it launched as a would-be Facebook rival in 2011.
The company also debuted a number of new privacy controls, including limiting the apps that can access Gmail, call log, and text messaging data. It says it discovered the breach during a review this year of this type of third-party data access. But Google says it has no way of confirming these numbers or which users may have had their data exposed improperly. Google says it fixed the issue as soon as it was discovered, but the awful part of this all is that Google opted not to disclose the breach to users, instead sweeping the situation under the rug, hoping nobody would notice. Google CEO Sundar Pichai was informed of the plan to hide the security incident from the general public.
Earlier, the company had been reluctant to share data on how often Google+ was used, but now, facing the fall out of exposed data, the firm appears keen to play down its importance.
The API allowed users to grant access to their and their friends’ profile information to apps.
After several unsuccessful attempts to revive interest in Google+ and get more users on board, Google has made a decision to shut down the consumer version of the platform by the end of August 2019.
The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations.