After a privacy breach detected this spring, Google has decided to pull the plug on its social network, Google+, according to a disclosure released on Monday. The story is more complicated, as it’s about more than a simple data breach – it’s about Google keeping quiet and not publicly announcing the breach for fear of consequences including public scrutiny.
A software bug in the site allegedly allowed external developers to access hundreds of thousands of user profiles between 2015 and March 2018, reported The Wall Street Journal. Apparently, external developers could have accessed full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.
Google says there’s no evidence that data was abused or that developers even knew about the bug. The glitch was fixed in March 2018 when it was detected. This does, however, raise serious questions about the company’s approach to security and its treatment of users.
The Wall Street Journal, the first to report the incident, analyzed an internal document written by Google’s legal and policy team which argued that announcing the breach would generate “immediate regulatory interest” and compared the incident with the Facebook – Cambridge Analytica story. An internal committee, then decided not to inform users and just let it slide.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” said a Google spokesman.
“Whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he added. “None of these thresholds were met here.”
Released in 2011, Google+ was meant to become a strong competitor for Facebook but it ended up a failed project.