Google deliberately avoided disclosing the problem at the time, in part to avoid drawing regulatory scrutiny and damaging its reputation, according to a Wall Street Journal story that cited anonymous individuals and documents.
Earlier this year, Facebook acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016. According the WSJ, Google CEO Sundar Pichai both knew of and agreed with the decision not to plan to not disclose the data exposure. In a blog post, Google stated that they "cannot confirm which users were impacted by this bug" but "up to 500,000 Google+ accounts were potentially affected".
Smith said that when users grant permissions to access SMS, Contacts and Phone data to apps, they do so with specific use cases in mind, again indicating that the present policies have given developers overly broad access to people's information.
According to the company, profile information like name, email address and age from some users was available to apps, even if users had not marked it public.
While no evidence was found that indicates this bug was ever misused, it was determined that the complexity of protecting and operating a social network like Google+ was not a worthwhile endeavor when so few users actually used the service for any length of time.
A spokeswoman for Google said that whenever user data may have been affected it determines whether to tell people based on a number of criteria.
All these changes are happening in the coming months, giving users more control over their own data. Somehow, the intimate data of the first user would be included in the collection profile.
As for Google+, the search giant won't miss it that much because the site never got off the ground with end users. Google says it fixed the issue as soon as it was discovered, but the awful part of this all is that Google opted not to disclose the breach to users, instead sweeping the situation under the rug, hoping nobody would notice. "The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds".
The company announced today that it's killing the consumer version of Google+ after it discovered some major privacy issues with the official Google+ APIs. Despite integration with the company's other, hugely successful products like Gmail, Blogger, and YouTube, Google admits usage is negligible. Also, Smith is adamant Project Strobe found "no evidence" this bug was abused or even that the developers using the API were aware it existed.