Google is shutting down much of its social network, Google+, after user data was left exposed.
It said a bug in its software meant information that people believed was private had been accessible by third parties.
Google said up to 500,000 users had been affected.
Google to shut down Google+ after failing to disclose user data leak
This March, as Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytica, Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.
If that sounds familiar, it’s because it’s almost exactly the scenario that got Mark Zuckerberg dragged in front of the US Congress. The parallel was not lost on Google, and the company chose not to disclose the data leak, the Wall Street Journal revealed Monday, in order to avoid the public relations headache and potential regulatory enforcement.
Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.
Shortly after the story was published, Google announced that it will shut down consumer access to Google+ and improve privacy protections for third-party applications.
Google Plus Will Be Shut Down After User Information Was Exposed
Google said on Monday that it would shut down Google Plus, the company’s long-struggling answer to Facebook’s giant social network, after it discovered a security vulnerability that exposed the private data of up to 500,000 users.
Google did not tell its users about the security issue when it was found in March because it didn’t appear that anyone had gained access to user information, and the company’s “Privacy & Data Protection Office” decided it was not legally required to report it, the search giant said in a blog post.