This month news broke that Google will be shutting down their Google+ network because of a data privacy breach that potentially exposed hundreds of thousands of users’ private data to developers working with the G+ APIs.
The Wall Street Journal reports:
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.
As part of its response to the incident, the Alphabet Inc. unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures.
Google stated that it was unable to determine if the data had been inappropriately accessed during the time that the flaw was live – from 2015 to March 2018, when it was discovered and fixed.
The internal memo from legal and policy staff says the company has no evidence that any outside developers misused the data but acknowledges it has no way of knowing for sure. The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.
Google learned of the breach in March 2018 but did not disclose that information to users until early October 2018.