Google is closing its troubled Google Plus social network following the discovery of a software glitch this past spring that may have exposed user information of up to 500,000 customers between 2015 and 2018, the company said Monday.
Ben Smith, Google's vice president of engineering, confirmed in a blog post the company had detected a "bug" in March that impacted the profiles of as many as 500,000 Google Plus users. Google said it immediately fixed the security flaw and had not uncovered evidence that the information was mishandled by any of hundreds of third-party developers that may have had access to the user data.
Despite the security flaw, Google executives opted not to disclose the problem at the time because they feared trouble from regulators after the intense criticism encountered by Facebook over its privacy woes, according to the Wall Street Journal. Google hoped to avoid comparisons to Facebook's leak of user information to Cambridge Analytica, the data firm accused of improperly using information on 87 million Facebook users on behalf of Donald Trump's 2016 presidential campaign, the Journal said.
The Google Plus data potentially exposed includes names, email addresses, occupations, dates of birth, genders and profile photos. In addition, 438 third-party applications may have used the application programming interface, or API, that allowed possible access to the data, according to Google.
The company will wind down the Google Plus network during a 10-month period expected to be done by the end of next August, Smith wrote in his post. He also vowed additional security steps would result in the wake of the incident.
Google declined to comment on the Journal's report, and didn't fully explain in its blog post why it held off on revealing the bug until Monday.
Since launching in 2011, Google Plus failed to garner a mass audience, and was broken into separate products in 2015. Even people who helped launch the product said the time had come to end it, CBSNews.com sibling website CNET noted on Monday after Google announced the social network's shutdown. "As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is... FINALLY," tweeted David Byttow, a former Google engineer.
As a tech lead and an original founding member of Google+, my only thought on Google sunsetting it is... FINALLY.— David Byttow (@davidbyttow) October 8, 2018
News of the security woes at Google Plus -- and the company's failure to disclose them in a timely manner -- sent shares of Alphabet were down $9.35, or 0.8 percent, to $1,148.00, on Monday.
One reason for Wall Street's wariness: Google CEO Sundar Pichai recently declined to an invitation to travel to Washington to testify before the Senate about foreign governments' manipulation of online services to sway U.S. political elections. His absence incensed some lawmakers, who left an empty chair for Google alongside the Twitter and Facebook executives who appeared before the Senate committee in September.
"With this breach announcement [Monday], the empty seat bearing Google's name just became a lot hotter," said Mike Chapple, an associate professor of information technology, analytics and operations at the University of Notre Dame.
Pichai went to Washington to mend political fences with lawmakers in late September and agreed to participate in a White House roundtable on technology that President Trump intends to attend. He also will appear in House hearings after the midterm elections in November.
Google has a strong incentive to position itself as a trustworthy guardian of personal information because, like Facebook, its financial success hinges on its success to learn about the interests, habits and location of its users in order to sell targeted ads.
The desire to peer into people's lives is one of the reasons that Google launched Google Plus in 2011. It was supposed to be a challenger to Facebook's social network, which now has more than 2 billion users. But Plus flopped and quickly turned into a digital ghost town, prompting Google to start de-emphasizing it several years ago.
But the company kept it open long enough to cause an embarrassing privacy gaffe that could give Congress an excuse to enact tighter controls on data collection.
"Every data mishap strengthens the bipartisan case for Congress to take action on data protection," said Jonathan Mayer, an assistant professor at Princeton University who formerly worked in the Federal Communications Commission's enforcement bureau.
Europe began to impose tougher online privacy regulations in May. Those rules also include disclosure requirements for data breaches. Those rules don't apply to the Plus problem because Google discovered it before they took effect.