In other words, Google learned about the three-year-long vulnerability and chose not to say anything out of fear that it'd be bad PR. The company announced today that it's killing the consumer version of Google+ after it discovered some major privacy issues with the official Google+ APIs.
Google also noted that the data that was exposed was limited to "optional Google+ Profile fields including name, email address, occupation, gender and age".
Google plans to shutter the consumer version of Google+, the company has announced in a blog post.
As for the possible data exposure, Google found a bug in an API that developers could use that exposed profile data for up to 500,000 people, even if you had marked it as private. Google confirmed that the bug provided third parties with access to user information.
As many as 438 applications had access to the unauthorized Google+ data, according to the Journal. Also, Smith is adamant Project Strobe found "no evidence" this bug was abused or even that the developers using the API were aware it existed.
Companies have to inform a supervisory authority within 72 hours of a personal data breach under the EU's General Data Protection Regulation (GDPR) - unless the breach is not likely to risk the rights and freedom of affected users. "We will share more information in the coming days". The change makes it so users must individually grant or deny each permission to access data in their consumer Google account, rather than accept or deny permissions all at the same time. We will remove access to contact interaction data from the Android Contacts API within the next few months.
Only an app users select as their default application for calls or texts will be able to request access to this data.
During the next 10 months, Google will provide consumers with "additional information" regarding ways they can download or migrate their data to other social media platforms if they so desire. It may have leaked user data since 2015 and was apparently found when Google started checking its sites for privacy leaks ahead of the GDPR rollout.
Google Chief Executive Sundar Pichai knew of the glitch and the decision not to publicly disclose it, the WSJ reported.
A spokeswoman for Google said that whenever user data may have been affected it determines whether to tell people based on a number of criteria.
The company responded in its blog post Monday by arguing that it had no evidence that anyone actually exploited the bug. The service, Smith said, failed both in consumer adoption and engagement with apps: "90 percent of Google+ user sessions are less than five seconds".
Google will continue to operate Google+ as an enterprise product for companies.