You’ll remember that in October Google decided to shut Google+ down after finding that data on 500,000 of its users had been exposed.
It’s now going to expedite that process after finding a bug that balloons the number of affected users to 52.5 million.
Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:
- We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
- With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
- In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
- The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
- No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
All Google+ API access will be killed off in 90 days. The closure of the consumer version of the network will be moved forward from August 2019 to April.
Google said it would continue to invest in Google+ for its enterprise customers.
Update: Here’s my take for BBC News.