Google+ shutting down after data leak affecting 500,000 users
Google exposed the private details of almost 500,000 Google+ users and then opted not to report the lapse, in part out of concern disclosure would trigger regulatory scrutiny and reputational damage, The Wall Street Journal reported Monday, citing people briefed on the matter and documents that discussed it. Shortly after the article was published, Google said it would close the Google+ social networking service to consumers.
The exposure was the result of a flaw in programming interfaces Google made available to developers of applications that interacted with users’ Google+ profiles, Google officials said in a post published after the WSJ report. From 2015 to March 2018, the APIs made it possible for developers to view profile information not marked as public, including full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status. Data exposed didn’t include Google+ posts, messages, Google account data, phone numbers, or G Suite content. Some of the users affected included paying G Suite users.
Google Chief Executive Sundar Pichai knew of the glitch and the decision not to publicly disclose it, the WSJ reported. Based on a two-week test designed to measure the impact of the API bugs before they were fixed, Google analysts believe that data for 496,951 users was improperly exposed. According to the report: