Google is shutting down Google+ for consumers following a security breach.
A software bug was discovered that gave developers access to private profile data of over 500,000 users.
However, Google says that there is no evidence of developers being aware of this bug. There is also no evidence that any data has been misused.
The bug was discovered in March 2018. A report in the Wall Street Journal says Google did not disclose this information sooner because it feared regulatory scrutiny.
Google+ Failed to Live Up to Expectations
Google admits that Google+ has failed to achieve broad consumer or developer adoption since its introduction.
The company revealed that the usage and engagement of Google+ is even lower than some might have guessed, as 90 percent of user sessions lasted less than 5 seconds.
With that said, it’s not likely that Google+ will be sorely missed, although it’s certainly worth noting that it’s shutting down.
At one time Google put significant effort into pushing the adoption of Google+, including using its data to personalize search results based on what a user’s connections have +1’d.
It’s possible Google+ may have been shut down eventually, but it’s the security breach that forced Google’s hand.
More on the Security Breach
During a security audit, Google discovered the following:
- A bug in one of the Google+ People APIs meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
- Data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.
- The data breach does not include any other data a user may have posted or connected to Google+ or any other service.
- The bug was discovered and immediately patched in March 2018.
- The profiles of up to 500,000 Google+ accounts were potentially affected.
- Google cannot confirm which users were specifically impacted by this bug.
- There’s no evidence that any developer was aware of this bug or abusing the API.
- There’s no evidence that any profile data was misused.
Google+ will shut down over a 10-month period, which is slated for completion by the end of next August.
More information will be available over the coming months, including ways that users can download and migrate their data.
Subscribe to SEJ
Get our weekly newsletter from SEJ's Founder Loren Baker about the latest news in the industry!