[vc_row][vc_column][vc_column_text]
The bug in Google’s developer platform on Google Plus left users’s information, it was found out about in the March itself.
The company said it found no evidence the data had been improperly accessed or misused.
According to a report in the Wall Street Journal, Google discovered a “software glitch” earlier this year that allowed third-party developers access to some 500,000 private profile data since 2015, including “full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.”
That’s a lot of exposed data. And to make matters worse, Google found out about it in the spring and decided not to tell anyone, says report.
Up to 438 different third-party applications may have had access to private information due to the bug, but Google apparently has no way of knowing whether they did because it only maintains logs of API use for two weeks.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blogpost.
Now Google+, which was already a ghost town largely abandoned or never inhabited by users, has become a massive liability for the company.
Shares of Google parent Alphabet fell more than 2 percent immediately after the report before paring some losses. The stock was last seen roughly 1 percent down.
The news comes from a damning Wall Street Journal report that said Google is expected to announce a slew of privacy reforms today in response to the bug. Google made that announcement about the findings of its Project Strobe security audit minutes after the WSJ report was published. The changes include stopping most third-party developers from accessing Android phone SMS data, call logs and some contact info. Gmail will restrict building add-ons to a small number of developers. Google+ will cease all its consumer services while winding down over the next 10 months with an opportunity for users to export their data while Google refocuses on making G+ an enterprise product.
Google also will change its Account Permissions system for giving third-party apps access to your data such that you have to confirm each type of access individually rather than all at once. Gmail Add-Ons will be limited to those “directly enhancing email functionality,” including email clients, backup, CRM, mail merge and productivity tools.
Google is shutting down its Google Plus social service for consumers, the company said. The service has long seen low usage, the company said, with 90 percent of Google Plus user sessions lasting fewer than 5 seconds.
Google Plus will wind down over the next 10 months, the company said. Users will be able to download and migrate their data to another service. The enterprise version of Google Plus will remain active.
Since the bug and subsequent security hole started in 2015 and was discovered in March before Europe’s GDPR went into effect in May, Google will likely be spared a 2 percent of global annual revenue fine for failing to disclose the issue within 72 hours. The company could still face class-action lawsuits and public backlash. On the bright side, G+ posts and messages, Google account data and phone numbers and G Suite enterprise content wasn’t exposed.
[/vc_column_text][/vc_column][/vc_row]