Google ran an internal test and found that as many as 496,951 users may have had their data compromised, according to the Wall Street Journal.
Google says it hasn't found any evidence that developers were aware of the bug, so it's unlikely that anyone abused it. In turn, this meant that nearly 500,000 users' names, email addresses, dates of birth, gender, location, occupation, and relationship status were made available to developers, all without their knowledge.
According to the WSJ (Via Engadget), a software vulnerability gave external developers on Google+ access to private Google+ user data for years; between 2015 and 2018.
Google also announced that, "we can not confirm which users were impacted by this bug". It did not include phone numbers, the content of emails or messages, or other kinds of communication data.
Google has even admitted that no one actually uses Google+.
As part of a slew of new security measures, Google is expected to clamp down on the amount of data it provides to outside developers through application programming interfaces (APIs), sources told the Journal.
Interestingly, the aforementioned WSJ report says that Google's legal and policy staff sent a memo to senior executives warning that disclosing the bug would probably result in "immediate regulatory interest".
Conor McGregor Claims Khabib's Manager Is A Terrorist
That would obliterate the previous highest UFC record of 1.65million buys for McGregor's rematch against Nate Diaz in 2016. I'm going to aim right between that man's eyes and this is never over. "This is never over; never, ever, ever over".
"It's important for consumers to realise that connecting apps in social media platforms only increases the amount of valuable information that could potentially be breached, as well as increased attack vectors that hackers can leverage".
In response to this, Google+ will be shutting down for regular users.
The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
The company added that it chose to sunset the consumer version of Google+ due to the significant challenges in creating and maintaining it and its very low usage. Up to 496,951 users could have been affected, and up to 438 apps could have accessed the data.
Apps will be required to inform users what data they will have access to. As a result, all European Union data protection authorities have jurisdiction to engage with Google on the breach.
Do share your thoughts and opinions on Google+ being shut down in the comments section below.
However, Google only keeps the log data of the API in question for two weeks, due to privacy reasons, and therefore "cannot confirm which users were impacted by this bug", Smith added.