Google+ being shut down following potential data leak
Google has said up to 500,000 Google+ user accounts were potentially affected by a bug that may have exposed their data to external developers, and the company is shutting down the social network for consumers.
Google opted not to disclose the issue partly due to fears of regulatory scrutiny, the Wall Street Journal reported, citing unnamed sources and internal documents.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, the report said.
Shares of Google’s parent company, Alphabet Inc, were down 2.6% following the news.
The affected data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age, Google said.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” Google said.
A memo, prepared by Google’s legal and policy staff and shared with senior executives, warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica, the WSJ report said.
Allegations of the improper use of data for 87 million Facebook users by Cambridge Analytica, which was hired by US President Donald Trump’s 2016 election campaign, has hurt the shares of the world’s biggest social network and prompted multiple official investigations in the United States and Europe.
Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, according to the WSJ.
In weighing whether to disclose the incident, the company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response, a Google spokesman told WSJ.
“None of these thresholds were met here,” they said.
Credit reference agency Equifax fined for security breach
How a small French privacy ruling could remake adtech for good