Google Plus shutting down in April 2019, second bug impacts data of 52 million users reveals company in a new blog post. (Image source: Reuters)Google has announced that it will be shutting down the consumer version of its Google+ platform by April 2019, instead of the earlier deadline of August 2019. This is after it discovered a new bug, which compromised the data of nearly 52.5 million users.
In October, Google had reported that a software bug in its API for Google+ which impacted close to half a million accounts. The original bug was discovered back in March 2018, though it had existed since 2015. Google did not report the issue immediately due to regulatory fears, according to earlier reports.
Google had then announced it would shutdown the social network. Now, the date for this has been expedited. In a new blog post on Monday, the company notes that they “recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API.”
The bug was fixed within a week, insists Google, but it has only informed the public of this now. It also insists that “no third party compromised our systems” or that app developers who had access to this data for nearly six days misused it or were aware of it.
However, all Google+ APIs will shutdown within the next 90 days as a result of this discovery. The new bug impacted approximately 52.5 million users in connection with a Google+ API, says the company.
The API allowed an app developer to view profile information of the user even when it was set to not-public. Typically this API would allow apps to view a user’s name, email address, occupation, age, etc from the Google+ Profile, but it seems that all information about a user was accessible, even when it was not set to a public view by the user.
Further Google notes, “apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user,” even when this data was not shared publicly on the platform.
Still, the “bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” according to Google’s blog.
The company is now notifying consumer users and enterprise customers impacted by this bug. It is also looking at other Google+ APIs as well. Over the coming months, it will also provide ways for users to download their data from Google+.
Where the enterprise customers go, Google has begun the task of notifying them. “A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered,” notes the blog post. Google says it will continue to invest in Google+ for enterprise.
When Google had first announced the data compromise, it has said maintaining the Google+ product was hard and that 90 per cent of user sessions were less than five seconds on the site. However, everyone with a Gmail or Google account automatically has a G+ account and that’s something many users might not even remember.
