According to the Wall Street Journal this morning, Google discovered a user data bug in Google+ last spring. However, the issue appears to not have been abused by any third-party developers. The company opted to not disclose the issue, but in response is now shutting down the failed social network for consumers.
As part of its response to the incident, the Alphabet Inc. unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures.
Described as a “software glitch,” third-party developers between 2015 and March 2018 were able to access “private Google+ profile data.” However, Google found “no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.
Google discovered the Google+ issue as a part of its broader Project Strobe initiative to limit third-party access to user data.
To resolve this issue, Google is shutting down the consumer aspect of the social network. It will remain available for enterprise clients that need an internal social network, but the regular app will be unavailable starting in August after a 10-month wind down period.
This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.
Google discovered and patched the issue as part of Project Strobe in March 2018. However, the company ultimately decided not to disclose the problem.
Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.