Google is shutting down the Google+ social network sooner that it had initially announced, after having confirmed that a bug impacted approximately 52.5 million users in connection with a Google+ API.
Two months ago, Google disclosed an error that exposed the private profile data of almost 500,000 Google+ users. By that time, Google announced that it would be sunsetting the consumer version of Google+ and its APIs because of the significant challenges involved in maintaining a successful product that meets consumers’ expectations, as well as the platform’s low usage.
Google says it recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. Google says it fixed the bug within a week of it being introduced. Google says no third party compromised its systems, and that it has no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.
With the discovery of this new bug, Google decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, Google has also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.
Google's investigation into the impact of the bug is ongoing, but Google has already confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age —were granted permission to view profile information about that user even when set to not-public.
In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
Google says that the bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
Google is currently notifying consumer users and enterprise customers that were impacted by this bug.
The disclosure comes a day before Chief Executive Sundar Pichai is set to testify before the House Judiciary Committee of the U.S. Congress about Google’s data collection practices. Some U.S. lawmakers from both major political parties have called for new privacy rules to better control Google, Facebook and other large technology companies.
The technology company has been also under fire on Capitol Hill over issues including why it delayed disclosing vulnerabilities with its Google+ social network, whether it will restart its search engine in China and if it is biased against Republicans.
In written testimony to the House Judiciary Committee made public on Monday, CEO Sundar Pichai said he led the company “without political bias.”
“We work hard to ensure the integrity of our products, and we’ve put a number of checks and balances in place to ensure they continue to live up to our standards,” Pichai’s testimony said. “I lead this company without political bias and work to ensure that our products continue to operate that way. To do otherwise would go against our core principles and our business interests.”