By Nadine White
Google is shutting down the consumer version of its Google+ social network following a huge data breach.
The company announced on its blog on Monday that data from up to 500,000 users may have been exposed to external developers by a bug that was present for more than two years in its systems.
The tech giant said it had discovered and patched the leak in March, and had no evidence of misuse of user data or that any developer was aware or had exploited the vulnerability.
Shares of its parent company Alphabet Inc, however, were down in response to what was the latest in a run of privacy issues to hit big US tech companies.
The Wall Street Journal reported earlier that Google had opted not to disclose the issue in a bid to avoid a regulatory backlash, citing unnamed sources and internal documents.
Under the European Union’s General Data Protection Regulation (GDPR), if personal data is breached, a company needs to inform a supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedom of users.
— Bloomberg (@business) October 8, 2018
Explaining the move, Vice President of Engineering, Ben Smith, wrote that it came about following a security review.
“Over the years we’ve received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+,” he said.
“This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.
“Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain.”
It was explained that the consumer version of Google+ has low usage and engagement with 90 per cent of user sessions lasting less than five seconds.
Smith also went on to confirm that the company had found a “bug”, affecting as many as 500,000 users, that exposed users’ private data to third-party apps between 2015 until this March 2018.
The issue has been fixed and company found no evidence the information was misused by any developers, he said.
Meanwhile, it was announced today that a High Court judge in London blocked a mass legal action against Google over claims that it collected sensitive personal data from more than four million iPhone users.
The litigation was brought by campaign group Google You Owe Us, led by former Which? director Richard Lloyd.
The tech giant faced claims that it bypassed privacy settings on Apple iPhone handsets between August 2011 and February 2012 and used data to divide people into categories for advertisers.
The campaign group hoped to win at least £1 billion in compensation for an estimated 4.4 million users of the device in the UK.