Google is shutting down its long-shunned Plus social network for consumers following its disclosure of a flaw discovered in March that could have exposed some personal information of up to 500,000 people.
According to a report from The Wall Street Journal, this bug existed from 2015 through March 2018, and Google confirms that it patched the bug in March 2018 after it discovered its existence.
But in a blog post today, Ben Smith, Google Fellow and Vice President of Engineering, said the bug allowed third-party apps to also gain access to users' data that was marked private, not just the public data the apps would have normally been allowed to see.
Almost 500,000 members of the Google+ social networking site had their user profile data left out in the open, easily accessible to third-party developers for over two years.
In a statement to BleepingComputer, a Google Spokesperson said that their Privacy & Data Protection Office felt it was not necessary to disclose as it did not meet the threshold that would warrant it.
The company said that was because it could not accurately identify which users to inform, whether there was any misuse or whether there were any actions a developer or user could take in response.
The Wall Street Journal separately reported Monday that Google executives delayed announcing problems with Google+ because of concerns about its reputation and the danger of sparking new pushes for regulation.
Google has declined to comment on why it held off reporting the breach.
Apps requesting user data in SMS "only an app that you've selected as your default app for making calls or text messages will be able to make these requests".
The API allowed users to grant access to their and their friends' profile information to apps.
Google said it hasn't yet found any evidence that the data obtained as a result of the bug was misused. But those apps look downright buoyant compared with Google's own confessed numbers for Google+.
News of the security woes at Google Plus - and the company's failure to disclose them in a timely manner - sent shares of Alphabet were down $9.35, or 0.
"Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network", Smith says. As for why it's being shut down, Google says that Google+ has "low usage and engagement", with 90 percent of G+ user sessions lasting less than five seconds.
Google is closing the Google+ social network after an error exposed the private data of hundreds of thousands of users last spring, in an incident which the company never disclosed to those affected.