Google has reported a second data leak impacting 52.5 million Google+ users causing it to fast-track plans to shut down Google+ for consumers and its API's in April 2019, four months earlier than originally planned.
The announcement of Google's accelerated plans to shut down Google+ follows the company's decision in October to phase out Google+ for consumers by August 2019. The company outlined that the decision was in response to a security flaw and a result of "significant challenges involved in maintaining a successful product that meets consumers' expectations, as well as the platform's low usage".
In a blog post, Google VP of product management David Thacker said: "With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019."
Thacker outlined that the data leak came as a result of a software update in November which exposed users' data for six days. The bug was discovered as part of the company's standard testing procedure and was fixed within a week of it being discovered, according to Thacker.
The issue was related to the social network's application programmer interface (API), a tool that allows app developers to gather data to integrate their apps with Google's services.
Visit DATAx Singapore on March 5–6, 2019
The leak gave app developers access to users' information such as their name, email address, occupation and age. However, Thacker stated that sensitive information like a users' financial data or national ID number were not disclosed. "No third party compromised our systems and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way," he added.
Google has begun to notify users impacted by the data breach. "A list of impacted users in those domains is being sent to system administrators and we will reach out again if any additional impacted users or issues are discovered," Thacker commented.
"We understand that our ability to build reliable products that protect your data drives user trust.
"We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls and engage with users, researchers, and policymakers to get their feedback and improve our programs," Thacker concluded.