Unreported Google data exposure affects hundreds of thousands: report
A vulnerability in the Google+ social network exposed the personal data of "hundreds of thousands" of people using the site between 2015 and March 2018, according to a report Monday by the Wall Street Journal.
A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday.
Google said it found no evidence of data misuse. Still, as part of the response to the incident, Google plans to shut down the social network permanently.
The company didn't disclose the vulnerability when it fixed it in March because the company didn't want to invite regulatory scrutiny from lawmakers, according to Monday's report. Google CEO Sundar Pichai was briefed on the decision to not disclose the finding, after an internal committee had already decided the plan, the Journal said.
Google said it found the bug as part of an internal review called Project Strobe, an audit started earlier this year that examines access to user data from Google accounts by third-party software developers. The bug gave apps access to information on a person's Google+ profile that can be marked as private. That includes details like email addresses, gender, age, images, relationship statuses, places lived and occupations. Up to 438 applications on Google Plus had access to this API, though Google said it has no evidence any developers were aware of the vulnerability.
"The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations," Ben Smith, vice president of engineering, wrote in a blog post. "Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+."
The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices. Facebook brought the issue to the forefront in March after its Cambridge Analytica scandal, in which a U.K.-based digital data consultancy harvested information on 87 million Facebook users without their permission.
Google has already drawn controversy over its data collection practices. In July, the company was criticized after reports that employees for a third-party email app could read emails if those third-party apps had been integrated with email users' Gmail accounts. Google was hammered again a month later, when the Associated Press revealed the company was tracking users' locations even after they'd turned off their phones' location history setting.
Last month, Google Chief Privacy Officer Keith Enright — alongside representatives from other tech and telecom giants including Apple, Amazon and AT&T — testified before the Senate on privacy practices in Silicon Valley. Google CEO Sundar Pichai reportedly is expected to take the hot seat in another congressional hearing after the US midterm elections in November.