Original Article Here: https://motherboard.vice.com/en_us/article/qv9xmb/google-plus-is-shutting-down-after-security-bug-exposed-user-info


Google is shutting down Google+, a social media service it launched in 2011 that few people used. Google made the announcement the same day that the Wall Street Journal published a story about a bug in the unpopular social media service that allowed outside developers to access users private data. According to The Wall Street Journal, Google first learned about the breach in March of 2018, but quietly patched the bug and decided not to tell anyone for fear of a regulatory backlash.

Google learned of the data breach during a security audit of its APIs in March. “In us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal. It almost guarantees [Google CEO Sundar Pichai] will testify before Congress,” said an internal memo obtained by The Wall Street Journal. Pichai was aware of the plan not to tell users about the breach.

From 2015 to March 2018, 438 outside developers had access to the profiles of more than 500,000 Google+ users. The developers would have had access to users full names, email addresses, gender, profile pictures, job status, location, and birth date. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” Google said in a statement it published after the Wall Street Journal published its story. The blog post confirmed that Google+ is shutting down, and provided more details about the bug (but not the alleged cover-up.)

“The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” Google said in a statement, confirming that Google+ remains very unpopular.

This news is just the latest in a series of high profile data security scandals rocking Silicon Valley. At the end of September, Facebook announced that hackers had stolen data from 50 million of its users. Before the story broke, Pichai had already agreed to testify before congress after a private meeting with GOP Senators.