Google+ Shutting down after info from 500k Accounts is leaked. Today Google has announced that they are shutting down consumer version of Google+ after an API bug has leaked the personal information of up to 500k accounts. It’s said that the bug has been present in its systems for more than 2 years.
Google first discovered the bug in March 2018 and released a patch and a statement to say that there was no evidence of misuse or evidence of the vulnerability being exploited. However, Google felt that the effort involved in protecting user data on the social network outweighs the benefit of keeping the functionality running, when it hasn’t proven to be a very popular social network. They are set to close the consumer functionality of Google+ over a 10-month period.
After performing a code review of the Google+ APIs, they discovered a bug that could leak the personal information of Google+ account users. The bug allows a user to use installed apps to utilize the API and see personal information of that user’s friends. This personal information includes name, email address, occupation, gender and age.
Although Google has said they have seen no evidence the bug was exploited, it’s not possible for them to know if it has, or the extent, since they only keep two weeks of API logs for the Google+ service.
A report done by the Wall Street Journal stated that the bug existed between 2015 to March 2018 when it was patched. Google decided not to disclose the bug even though they weren’t sure it wasn’t exploited. The Wall Street Journal reported they have seen a memo by Google’s legal team advising not to disclose the data breach in case it attracts negative attention from government agencies around data protection.
A Google spokesperson has said they didn’t disclose the breach because it didn’t reach the necessary threshold to warrant informing users.