The bug was discovered in one of the Google+ application programming interfaces (APIs) when the company conducted an audit of third party developer access to Google accounts and Android data, in a project called Project Strobe. The glitch meant developers could access private details about people's friends too, including things like their email addresses, birthdays, profile photos, occupations, and relationship statuses. Alphabet Inc, Google's parent company, said about 5,00,000 Google+ accounts were potentially affected by a bug that may have exposed their data to external developers. In the meantime, Google says users should stay tuned for more information on how to download their data from the site, should they so desire.
Having said that Google had decide not to reveal this security issue back in March when it was first discovered. A spokeswoman for Google didn't immediately return a request for further comment.
In response to the breach, Google is shutting down all consumer functionality of Google+. Google has planned to make the permissions' part more transparent to avoid any confusion for the users. They identified that nearly 38 applications might have used this API. Up to 496,951 users could have been affected, and up to 438 apps could have accessed the data.
Writing in a blog post Monday, Google attempted to downplay the incident, saying it hasn't found any signs that the bug was exploited.
"None of these thresholds were met in this instance", the firm said in its blog post.More news: Microsoft fixed the data loss issue in Windows 10 version 1809
In any case, the conclusion is the same: Google is shutting down the consumer version of Google+, citing challenges in maintaining the service effectively.
Google said, "the consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds".
'To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August.
The company said it'll focus its energy on using Google+ as an enterprise product within companies.
The API flaw allowed third-party app developers to access profile and contact information that chose to sign into the apps via Google.