Google said it found a "software glitch" in its Google+ social network in March that could have exposed the personal data of as many as half a million users, but decided not to tell the public until Monday (Tuesday NZT).
Google started an internal project called Strobe in the beginning of 2018 that looked at "third-party developer access to Google account and Android device data" and "privacy controls, platforms where users were not engaging" with APIs due to privacy concerns and other areas where Google policies "should be tightened".
The information exposed in the Google+ data breach included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status. Google says they have no evidence that any developer harvested that data and don't show evidence that any even knew the bug existed.
In a statement to BleepingComputer, a Google Spokesperson said that their Privacy & Data Protection Office felt it was not necessary to disclose as it did not meet the threshold that would warrant it.
Google has recently been at the center of a number of privacy breaches.More news: Canada concerned over reports dissident journalist killed in Saudi consulate
More news: The cyber charges against Russian Federation : what have we learned?
More news: Kavanaugh a step closer to lifetime Supreme Court post after Senate vote
The issue has been fixed and company found no evidence the information was misused by any developers, he said.
In response to the story, BuzzFeed News tech reporter Ryan Mac declared, "The story here isn't really the potential data breach (which may affected hundreds of thousands) or that Google is shutting down Google+".
In the announcement, Google also announced raft of new security features for Android, Gmail and other Google platforms that it has taken as a result of the bug. Up to 496,951 users could have been affected, and up to 438 apps could have accessed the data. Unfortunately, the reason they are finally shutting it down is because the service possibly exposed the data of 500,000 users' profiles.
"Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+". Now, only apps that fit a particular use case will be able to access these permissions. Developers will also have more limited access to Gmail data going forward. However, it will maintain a version of the site as an enterprise communication tool; it's also used internally at Google.
He said that given the legal issues Facebook faces over its Cambridge Analytica cover-up, it's not surprising Google tried to keep the leak out of the public eye. "Given these challenges and the very low usage of the consumer version of Google+, we made a decision to sunset the consumer version of Google+". By default, Google+ users can grant access to their profile data to third-party apps.