Google+ says it found security flaw in March but chose not to tell users

Image: People wait in line to enter a Google product launch
People wait in line to enter a Google product launch event in San Francisco on Oct. 04, 2017. Copyright Elijah Nouvelage AFP - Getty Images file
By David Ingram with NBC News Tech and Science News
Share this articleComments
Share this articleClose Button

The flaw meant some Google+ profile information that users had thought was private could have been viewed by third parties.


Google said on Monday that hundreds of thousands of people who used its Google+ social network may have been affected by a security flaw that the company says it discovered and fixed in March.

The flaw meant some Google profile information that users had thought was private, such as a person's email address, occupation, gender or age, could have been viewed by third parties, the company said in a post on a corporate blog.

Though Google found the vulnerability seven months ago, it did not tell the public at the time.

The company said that was because it could not accurately identify which users to inform, whether there was any misuse or whether there were any actions a developer or user could take in response.

The Wall Street Journal reported that Google's legal and policy staff also prepared a memo warning that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica.

Google did not immediately respond to a request for comment on the report.

The security flaw will mean the end of Google+ for consumers, the company said. Google launched the service in 2011 as a challenge to Facebook but noted in its blog post on Monday that Google "has not achieved broad consumer or developer adoption."

"The consumer version of Google+ currently has low usage and engagement: 90 percent of Google user sessions are less than five seconds," the company said.

Low usage combined with the security challenges mean Google will wind down Google+ over the next 10 months, although it will continue to provide the service to businesses.

Google said it launched an effort at the beginning of the year called Project Strobe designed to review how other apps connect to Google +'s services, and that it was making other changes as a result. It said it would add "more granular" screens for granting permission to access data, and was adding new limits to the data that third-party apps can use.

Share this articleComments

You might also like

Apple launches faster chips, MacBook Pro laptops and cheaper Airpods - what are the upgrades?

What is the metaverse and why is Facebook betting big on it?

Euronews Debates | Profit vs public good: How can innovation benefit everyone?