Google+ to close down earlier than planned after another data leak is discovered

We already knew that Google+ is closing down, but following the discovery of a second data leak, Google has announced that it is bringing the closure forward.

The company has revealed that a bug in the Google+ API exposed the data of 52.5 million users, and as a result it is expediting the shutdown. Previously due to close in August 2019, Google+ will now be killed off in April 2019.

See also:

• After failing to disclose user data leaks, Google is shutting down Google+ and improving APIs
• Google to kill off Allo as the company streamlines messaging in its own unique way
• Privacy-focused DuckDuckGo finds Google personalizes search results even for logged out and incognito users

Google will now also be closing down the Google+ APIs earlier than previously planned -- in just 90 days. The company explains that a "bug" was introduced in a software update in November, but says that it was fixed within a week. David Thacker part of the G Suite team says that "no third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way".

He goes on to say:

With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.

Details of the problem are a little sketchy, with Google saying that the "Google+ API was not operating as intended". It does, however, share some information about the results of the investigation it carried out following the discovery of the issue:

• We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
• With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile -- like their name, email address, occupation, age (full list here) -- were granted permission to view profile information about that user even when set to not-public.
• In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
• The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
• No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.

Anyone who has been affected by the data leak should be contacted by Google. Acknowledging the concern that this latest revelation will cause, the company finishes by saying:

We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs. We will never stop our work to build privacy protections that work for everyone.

Image credit: Willy Barton / Shutterstock