Google has announced that it will be shutting down the consumer version of its Google+ platform by April 2019, instead of the earlier deadline of August 2019. This is after it discovered a new bug, which compromised the data of nearly 52.5 million users.
In October, Google had reported that a software bug in its API for Google+ which impacted close to half a million accounts. The original bug was discovered back in March 2018, though it had existed since 2015. Google did not report the issue immediately due to regulatory fears, according to earlier reports.
Google had then announced it would shutdown the social network. Now, the date for this has been expedited. In a new blog post on Monday, the company notes that they “recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API.”
The bug was fixed within a week, insists Google, but it has only informed the public of this now. It also insists that “no third party compromised our systems” or that app developers who had access to this data for nearly six days misused it or were aware of it.
However, all Google+ APIs will shutdown within the next 90 days as a result of this discovery. The new bug impacted approximately 52.5 million users in connection with a Google+ API, says the company.
The API allowed an app developer to view profile information of the user even when it was set to not-public. Typically this API would allow apps to view a user’s name, email address, occupation, age, etc from the Google+ Profile, but it seems that all information about a user was accessible, even when it was not set to a public view by the user.
Further Google notes, “apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user,” even when this data was not shared publicly on the platform.
Still, the “bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” according to Google’s blog.
The company is now notifying consumer users and enterprise customers impacted by this bug. It is also looking at other Google+ APIs as well. Over the coming months, it will also provide ways for users to download their data from Google+.