Tech giant Alphabet has shuttered the consumer side of its social network Google+ following a data breach earlier this year that it did not reveal until last week.
Up to 500,000 users were impacted by a glitch that saw personal data including emails, names and occupations available to nearly 450 applications.
Google discovered the potential breach in March this year but only confirmed it in a blog post following a report on it by the Wall Street Journal last week.
Due to the breach and “low usage and engagement”, the company has now moved to shut down the social networking platform for consumers by August next year.
Google Vice President of Engineering Ben Smith said a review of third-party developer access at the start of the year discovered a “bug” in Google+ APIs which potentially allowed developers to access private data of the friends of users of the apps.
The company has said this information is limited to name, email, occupation, gender and age, and doesn’t include messages or phone numbers.
Because the Google+ API logs are only kept for two weeks, the company has been unable to determine which specific users were impacted by the breach, but has said that up to 500,000 profiles were potentially affected.
Up to 438 applications could have used the API in question.
But Smith said that “no evidence” was found that any developer was aware of the bug or made use of it, and that it was “immediately patched” in March this year.
Despite the discovery seven months ago, the company only publicly confirmed the breach after it was revealed in the media this week.
Smith said that it didn’t reach Google’s threshold for notifying the public of a potential breach.
“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance,” Smith said.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”
But an internal memo sent to Google+ staff and obtained by the Wall Street Journal, said the company was concerned that revealing the breach would have seen it “coming into the spotlight alongside or even instead of Facebook, despite having stayed under the radar throughout the Cambridge Analytica scandal”.
The memo also said that its CEO would have had to testify before Congress as Mark Zuckerberg did if the breach was revealed, and it would have invited “immediate regulatory interest”.
Due to the flaws in its API and a general lack of interest, Alphabet has now moved to shut down the consumer side of Google+, which was launched in 2011 to compete with Facebook.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations,” Smith said.
“Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.
This shutdown will be complete by August next year, while the enterprise side of the platform will remain in operation.
“We’ve decide to focus on our enterprise efforts and will be launching new features purpose-built for businesses,” Smith said.
The Google+ breach is the second major data breach involving a social media network revealed in the last fortnight, following 90 million Facebook users being hit in a breach earlier this month.
At the time, the social media giant said that it couldn’t tell whether any data was “misused or accessed”.
In response, Facebook logged out 50 million impacted accounts as a “precautionary step” and a further 40 million accounts were also reset.
The Office of the Australian Information Commissioner is currently making inquiries over how many Australians were affected by the breach.
It follows the major Cambridge Analytica and Facebook scandal earlier this year, which shone a spotlight on the data practices of tech giants around the world.