Google has said it would shut down Google Plus, the company’s social
media platform, after it discovered a security vulnerability that
exposed the private data of up to 500,000 users of the service.
In a blogpost by Google on Monday, when the company’s technical staff
discovered the bug in March, they decided against disclosing the issue
to users because they hadn’t found anyone that had been affected.
In the blog post, Google said its “Privacy & Data Protection
Office” decided the company was not required to report the security
issue. Google looked at the “type of data involved, whether we could
accurately identify the users to inform, whether there was any evidence
of misuse, and whether there were any actions a developer or user could
take in response. None of these thresholds were met in this instance,”
wrote Ben Smith, a Google vice president of engineering..
Up to 438 applications may have had access to the vulnerability, but
Google said it had found no evidence that outside developers were aware
of the security flaw and no indication that any user profiles were
misused.
The incident could face additional scrutiny because of a memo to
senior executives reportedly prepared by Google’s policy and legal teams
that warned of embarrassment for Google similar to what happened to
Facebook earlier this year if it went public with the vulnerability.
The decision to shut down Google Plus was part of a broad review of
how much user information Google shares with third-party developers.
Google, a unit of Alphabet, also said it is limiting the apps that can
work with Gmail, the company’s email service, and constraining the
amount of data that developers can access through Android, Google’s
smartphone software.