"A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue", The Wall Street Journal report said. Before patching it, Google ran an analysis and found that up to 500,000 Google+ accounts were affected.
The information exposed in the Google+ data breach included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status. It did not include phone numbers, the content of emails or messages, or other kinds of communication data.
Following the news that a Google Plus security breach resulted in the exposure of 500,000 people's private information, the search engine giant has said it will be shutting down its social network for consumers. It launched in 2011 as a competitor to Facebook, but it quickly became clear this was one that Google was not going to win.
The Journal reported that the Google+ breach exposed Google's "concerted efforts to avoid public scrutiny of how it handles user information" at a time when regulators are the public are trying to do more to hold tech companies to account.
However, Google says that there is no evidence of developers being aware of this bug.
These apps will also need to agree to new rules on handling Gmail data, and will be subject to new security assessments. As of the time of this writing, it is impossible to know who had what information leaked.More news: 20 dead after crash involving wedding limo in NY
It also comes just weeks after a separate report in The Wall Street Journal detailed how the developers of some third-party apps are able to read users' email. The consumer version of Google+ now has low usage and engagement: "90% of Google+ user sessions are less than five seconds".
The incident also marks the beginning of the end for Google+, which the company plans to shut down over the next year. Google executives were concerned about appearances, particularly as Facebook is under fire after an analytics firm allegedly misused the data of tens of millions of users.
Android data access is being restricted to app developers.
On Monday, the company announced that it was shutting down its social network, Google+, which was the source of the flaw.
The company added that it chose to sunset the consumer version of Google+ due to the significant challenges in creating and maintaining it and its very low usage.