Private data from hundreds of thousands of Google+ users was reportedly exposed, and it’s said that Google decided to hide the breach from those who were affected by it. The Wall Street Journal reports, citing sources close to the matter, that Google chose not to disclose the breach because it feared increased regulatory scrutiny. The report adds that Google discovered and patched the issue in March of this year.
The newspaper reports, based on documents it reviewed, that a software vulnerability enabled third-party developers to access private Google+ data between 2015 and 2018. An internal memo mentioned that even though there wasn’t any evidence of the vulnerability being misused, there was no way to know this for sure.
Developers could pull the data when a user gave their app permission to access the user’s public profile data. The report mentions that 496,951 users were affected by this breach. The exposed data includes profile photos, gender, birth dates, names, email addresses, places lived, occupation, and relationship status.
Google CEO Sundar Pichai was reportedly informed about the plan not to disclose the data breach. A document seen by the newspaper warned that if the breach was disclosed, it could lead to “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal.”
Google’s response to the issue has been to confirm that it’s shutting down the consumer version of Google+. This will happen over 10 months so that users can make the transition to another service. Google is also providing users with more control over the data they share with apps, limiting the apps that can get permission to access Gmail data, and more.