The private data of thousands of Google Plus users have been exposed. Unfortunately, Google failed to notify the users who were affected by the flaw.
According to the Wall Street Journal, the company decided to hide it because it dreaded regulatory scrutiny. But Google stated that it immediately fixed the issue after discovering it in March.
Despite the exposure, the company did not find proof of data misuse. However, the company is still shutting down, permanently, its social network as part of its response to the exposure.
Google’s CEO, Sundar Pichai, knew the decision about not unveiling the finding after the company’s internal committee concluded the plan. The company did not notify users because it was not obligated legally to reveal it. Furthermore, the company did not see any point in notifying users because it could not confirm who was affected.
Google found that flaw through its internal review known as Project Strobe. It is an audit that began this year. It aims to review access to its user data from Google accounts. It found that the glitch provided third-party apps access to details on a user’s Google Plus profile, which is marked as private. The details would include age, email addresses, gender, etc. There are 438 apps on this social network that could access the said API.
This incident, however, is the start of the end for Google Plus. You can still access it as the company will shut it down next year.
Google introduced its social network in 2011 amidst Facebook’s dominance. Unfortunately, it failed to overthrow Facebook because it was mismanaged. Then again, it is still a popular network for niche communities. But Google Plus is a reminder of the search engine giant’s misstep.
According to Google:
“We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”
Google added that the bug did not affect users’ private messages. Even though it is downplaying the relevance of this incident, it is likely to affect the company negatively. It decided not to reveal the bug. However, this decision might only attract further scrutiny that it wanted to avoid.
It also announced significant changes to its policies about third-party apps. The changes include users to have more control over the information requested by Gmail apps. Google will also limit the services that can access Gmail. It will only allow apps that can improve directly its email functionality
Google will also provide limits on Android about the apps that can view the users’ call logs, as well as SMS data.
Because of this incident, Google Plus users will only have 10 months to enjoy the said social network. Google intends to finish the process in August 2019.