The discovery of another privacy flaw has pushed Google to shut down Google+ much earlier than expected.
Google announced on December 10 that it had discovered a security issue that potentially left more than 50 million accounts vulnerable in November. The revelation came shortly on the heels of a previous admission that a security lapse in March also affected thousands of users. Because of this, the company says Google+ will be shut down by April 2019.
— The Globe and Mail (@globeandmail) December 10, 2018
Google initially planned to sunset the platform by August 2019. The company made the announcement to close its Google+ network in October, after it admitted that an earlier breach affected 500,000 users.
The latest bug was said to have been inadvertently created by a software patch that Google developed last month. It reportedly gave third-party apps access to account users’ profile data and exposed even information that wasn’t made public. It took the company six days to notice it and find a solution.
In a blog post, Google’s Vice President of Product Management, David Thacker, shared that “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
However, the bug made it possible for apps where users willingly shared their Google+ data to also access their friends’ profile or those of people who shared data with them. Google gave assurances though that it did not expose any passwords, financial data, or other sensitive details that could be used in identity theft.
The Alphabet-owned company had also suffered a security breach in March. That particular bug placed tens of thousands of users’ personal information at risk. The company waited half a year before it admitted to regulators and the public that there was a problem. The breach happened around the time Facebook was embroiled in the Cambridge Analytica controversy. Reports stated that Google delayed revealing the problem partly to avoid regulators from scrutinizing the company.
The admission that there was another security issue couldn’t have come at a worse time for the company. Google’s CEO, Sundar Pichai, was set to appear before the House Judiciary Committee on December 11 to be grilled about the company’s data practices.
Google+ will be shutting down all its APIs for developers within three months. However, the platform’s enterprise version will remain functional. Google also acknowledged on Monday that Google+ had a low number of users and that there were major obstacles to turning it into a successful product.
[Featured image via Google]