Google Is Shutting Down Google+ After Hiding a Security Flaw That Exposed User Data
Google exposed the personal information of hundreds of thousands of users of its Google+ social network and then chose to keep this breach hidden for months. After a report (paywall) by The Wall Street Journal, the company announced the data breach in a blog post this morning, confirming that personal information, including name, email address, occupation, gender, and age were exposed during the breach. Pulling a Facebook, Google apparently decided to keep the breach under wraps fearing repercussions of going public.
The search giant has now announced shutting down Google+, its social network that never really took off. The process of this shutdown will be completed over the next 10 months, the company wrote in a blog post. Google added that an extensive review led to a realization that Google+ isn’t really working successfully, pushing the company to shut it down for consumers.
The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.
The company will implement the shutdown over a period of 10 months that is expected to be completed by the end of next August. “Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data,” Google wrote.
While it admitted that Google+ has low usage and 90% of Google+ user sessions last less than five seconds, the company still plans to keep the sun risen(?) for its enterprise customers.
“We have many enterprise customers who are finding great value in using Google+ within their companies,” the Pixel maker wrote.
“Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network. Enterprise customers can set common access rules, and use central controls, for their entire organization.”
Google said that it plans to focus on the enterprise efforts and to make the platform more “secure.” It will also be launching new features purpose-built for businesses.
What exactly happened – the Facebook story of Google+
According to the WSJ report, “a software glitch in the social site gave outside developers potential access to private Google+ profile data.” This access reportedly lasted between 2015 and March, 2018 when the company finally discovered and fixed the issue (potentially in the aftermath of Facebook data disaster). The data included in this access given to outside developers includes full names, email addresses, places lived, birth dates, gender, profile photos, relationship status, and occupations. It doesn’t reportedly include messages, phone numbers or timeline posts.
Internal communications reveal that the tech giant’s legal staff warned against going public as the disclosure could trigger “immediate regulatory interest” and draw comparisons to Facebook’s Cambridge Analytica data leak. Apparently, the plan to keep the breach hidden was shared with the top executives, including Sundar Pichai, who was briefed on the decision.
Just like Facebook, the company says that it has no evidence if this data access was misused by outside developers, however, it is unlikely if an outside developer would share such a misuse with Google. Profiles of up to 500,000 Google+ accounts were potentially affected, Google notes.
The company has shared several steps it is taking to make its ecosystem more secure. The latest data breach comes after it was revealed in the summer that Google allows outside developers to read your emails for targeted advertisement. Along with several other security measures, Google added that it is limiting “apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.” More details on the security steps being taken are available here.