Between 2015 and March 2018, as many as 500,000 users of the Google+ social network may have seen their personal data exposed, a new report reveals. In response, Google chose not to disclose the massive security flaw when they found and fixed the bug in March. Why? The search engine giant was afraid of drawing government regulatory attention, according to the Wall Street Journal's scoop.
Look, Google+ has never been the biggest social media success out there. From the fact that it launched in 2011, well after rival networks like Facebook and Twitter had been well-established, to the fact that the name itself is difficult to search online thanks to that awkward “+” sign — Google+ has always been seen as a bit of a joke.
Now, shutting down in the wake of a massive data breach, Google+ doesn't stand a chance of redeeming itself.
What Data Was Leaked?
Google says the security bug was located during an internal audit, Project Strobe, which began earlier in 2018. The bug, Strobe found, allowed third-party software developers to access data from Google accounts, including information marked as private on Google+ profiles — notably email addresses, age, gender, occupations, and locations.
Google claims to have no evidence of any third-party developer taking advantage of the bug. However, as many as 438 applications may have had the chance to do so.
Why the Google+ Data Leak Matters
The entire incident can't help but bring comparisons to another giant data breach, also due to third-party developers' access to user data: Facebook's Cambridge Analytica scandal.
In the grand scheme of tech company data breaches and leaks, the bug that's shutting down Google+ isn't even close to Facebook's breaches. Just last June, Facebook glitched and set 14 million users' post-sharing settings to public, whether they wanted to be public or not.
Could Google Face a Fine?
The European Commission fined Google $5.1 billion last July for violating EU antitrust regulations, so a fine wouldn't be unheard of. Meanwhile, Facebook's own similar data breach saw Mark Zuckerberg himself testify in court.
Still, it's too soon to say whether the data breach will result in direct legal action. It's not as large as the over 50 million users affected by the Cambridge Analytica breach. However, the months-long cover-up of the breach is disturbing. Whatever the legal ramifications, Google's public reputation is a lot closer to Facebook's following this news.
Is Your Data Safe?
Could your personal data have been exposed? Possibly, if you held an account on Google+ between 2015 and March 2018.
While your data is definitely private now, you should check the information that you have listed on your Google+ profile (including the information marked private) and make sure that it's not relevant information for any security questions that you may have set up on any of your other accounts.
What Next For Your Google+ Account?
Granted, the Google+ shutdown isn't due just to the data breach alone. Rather, the network hadn't been seeing the adoption and engagement it needed for a while, and Strobe's analysis was the final nail in the coffin.
“This review,” Ben Smith, vice president of engineering, wrote of Strobe in a blog post, “crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
The Google+ transition into non-existence will take 10 months, and is set to be finished by August 2019. Few tears are being shed in the larger tech community, if this tweet from former Google+ engineer David Byttow is any indication:
As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is… FINALLY.
— David Byttow (@davidbyttow) October 8, 2018
However, others are sad to see the social network go, largely because it offered better moderation tools than Facebook and, by introducing broader gender designations, pushed Facebook to adopt them as well.
Users will have a full ten months to save any contacts or information they'll want to keep access to.