Google is going to shut down the consumer version of Google+ over the next 10 months, the company writes in a blog post today. The decision follows the revelation of a previously undisclosed security flaw that exposed users’ profile data that was remedied in March 2018.
The bug: It had been around since 2015 and was found in code that lets third-party app developers access publicly available Google+ profile data about users and their connections, so long as the user gives permission. The glitch meant developers could access private details about people’s friends too, including things like their e-mail addresses, birthdays, profile photos, occupations, and relationship status.
Google+ minus people: Google said it had found no evidence data had been abused, and that it would shut off consumer access to Google+ (a corporate version will presumably continue to run). However, it’s possible that data was abused and Google just doesn’t know about it yet. By the company’s reckoning, up to 438 applications may have been able to access private profile data because of the software bug. Google ran an internal test and found that as many as 496,951 users may have had their data compromised, according to the Wall Street Journal.
Google previously tried to quell privacy concerns earlier this year after The Wall Street Journal detailed how common it is for third-party app developers to be able to read and analyze users’ Gmail messages.