Tech giant Google is ceasing its social network Google+ for consumers, it announced Monday, after discovering a data vulnerability potentially impacting up to 500,000 users.
The company said in a blog post it had conducted a review of its applications and services and found “a bug in one of the Google+ People APIs” that gives third-party websites and apps access to personal data from users.
“We discovered and immediately patched this bug in March 2018,” the company said — but it didnt disclose the vulnerability to its users at the time.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” the company added.
The companys announcement follows a Wall Street Journal report claiming the company didnt disclose the data vulnerability “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Just under 500 applications potentially accessed personal information without the proper legal basis, the Wall Street Journal wrote, adding that it is impossible to assess the full scale of the bugs impact. Google said it ran tests for two weeks and found around half a million accounts are susceptible to potential privacy violations due to the vulnerability, which had existed since 2015.
Google also announced a series of measures to restrict access to users data and give people more control over how their data is shared.