Google+ to shut down after security bug affects 500K accounts

Yolanda Curtis
October 8, 2018

Google announced it would be shutting down the Google+ social network permanently, partly as a result of the bug.

Up to 438 apps may have used the offending Google+ People API, and the profiles of up to 500,000 Google+ accounts were potentially affected, according to Google.

Shares of Google's parent company, Alphabet Inc, were down 2.6% following the news.

It said, "To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August". Currently, Google+ has "low usage and engagement", according to Google, and 90 percent of user sessions last less than five seconds.

A Wall Street Journal report published at the same time with Google's blog post claimed the API bug was far worse, and might have leaked user data since 2015, being only discovered when Google engineers started prodding Google sites for privacy leaks in preparation for the EU GDPR deadline.

Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API. "Given these challenges and the very low usage of the consumer version of Google+, we made a decision to sunset the consumer version of Google+".

Google said it had reviewed the issue, looking at the type of data involved, whether it could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take. Exposed data included names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.

The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations. The office looks at what data was taken, what affected users need to be informed, if there was any evidence of data abuse, and whether or not users could effectively respond. The bug gave apps access to information on a person's Google+ profile that can be marked as private. By giving developers more explicit rules of the road, and helping users control your data, we can ensure that we keep doing just that.

That will include fresh limits around Android apps to access Call Log and SMS permissions, while the Android Contacts API will now no longer allow contact interaction data to be accessed.

The firm is also ending access to contact interaction data on Android devices.

What's more, Google says these apps will have to agree to new rules around handling Gmail data and will be subject to 'security assessments'.

As for consumers, Google is now promising new security rules and tools to avoid a similar goof again.

The announcement comes as public scrutiny has intensified around Silicon Valley tech giants' management of user data, among other issues.

Other reports by iNewsToday