Remember Google+, Google’s try at a social network? As most people who spent their time online you’ve probably visited it at least once and set up your profile – be it because you were curious or because some other Google service more or less required it. In the end you probably abandoned it though. Most people did. Now Google+ is being closed down for consumers. While this is in part due to lack of interest, it’s also because of an API bug that apparently leaked the information of around 500 000 accounts.
Google’s inglorious Facebook moment
Wait, what? 500 000 accounts? Yes, you read that right: Google just had its Facebook moment. Accord to a blog post from Ben Smith, Googles vice president of engineering, the bug would allow third party apps to not only gain access to the data that users where willing to share. Instead they were also able to access information marked as nonpublic. This included email addresses, occupation, gender, and age.
Google apparently discovered the issue while performing a code review of the Google+ APIs. That was back in May. While the company fixed the bug silently, they chose not to disclose it. According to the Wall Street Journal the reasoning behind that decision was fear of regulatory scrutiny: after all the leak is pretty much comparable to Facebook’s Cambridge Analytica scandal.
Number of affected users unknown
While Google claims that around 500 000 accounts were affected it is hard to say if the number might not be higher and if the vulnerability has actually been exploited or not: the company only keeps two weeks of API logs for its Google+ service.
All in all the bug was probably the final nail in Google+’s coffin. While not the only reason that the service is closing down, it definitely contributed. According to Google it is just too time-consuming and not really worth it to maintain the product for the few people who actually use it.