EXECUTIVE SUMMARY:

Social media is showing cracks in the infrastructure as Google+ follows in the footsteps of Facebook, potentially exposing profile data for hundreds of thousands of users. To prevent going too far down the Facebook path, Google is shutting down the consumer version of its social media platform and overhauling its data privacy rules.

A software bug gave developers access to user data between 2015 and March 2018. As The Wall Street Journal explains, “Google makes user data available to outside developers through more than 130 different public channels known as application programming interfaces, or APIs. These tools usually require a user’s permission to access any information, but they can be misused by unscrupulous actors posing as app developers to gain access to sensitive personal data.”

The information exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status. What wasn’t included: phone numbers, email messages, timeline posts, direct messages or other communication data.

While the cybersecurity issue was discovered in March of this year, the delay in announcing the problem came down to a lack of specifics, according to Google’s corporate blog. “Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance,” said the blog.

Google also noted that during a two-week period prior to patching the bug, the company learned that up to 500,000 users may have had their data exposed to developers of 438 applications. But, it found no evidence that any developer was aware of the bug and no evidence that any profile data had been misused.

Meanwhile, though, The Wall Street Journal said Google also refrained from going public with the information out of concern that it “would draw regulatory scrutiny and cause reputational damage.”

Get the full story at The Wall Street Journal.