Google admits to potential Google+ data leak after getting caught
Google is shutting down its Google+ social network for consumers after discovering–and, for seven months, not disclosing–a bug that could have exposed private data for up to 500,000 users since 2015. The search giant says this data is limited to static profile fields such as name, email address, age, gender, and occupation, and does not include any Google+ posts or Google account data.
Although Google discovered and patched the potential data leak in March 2018, the company initially opted not to publicize it. The Wall Street Journal‘s Douglas MacMillan and Robert McMillan report that Google was worried about public perception and regulatory scrutiny, and that Google wanted to avoid comparisons with Facebook, which at the time was dealing with its own data privacy scandal. (Google claims that it kept the bug secret because it found no evidence of misuse, couldn’t identify affected users, and couldn’t provide users or developers with any course of action.)
Shortly after the WSJ’s story broke, Google announced a set of sweeping security changes:
Google says it began reviewing developer access at the start of this year, so these new policies might have arrived even without the WSJ’s reporting. Now they just come off as damage control.