Google announced on Monday that it is shutting down the long ailing social network Google+ for consumer use amid new scrutiny.
The company has reportedly fail to publicly disclose a security bug affecting hundreds of thousands of accounts on the service.
It would be recalled that Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytical.
Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.
In a blog post, the company admitted Google+ had failed to achieve “broad consumer or developer adoption” since it launched as a would-be Facebook rival in 2011
In the statement released by Google, the said that it “discovered and immediately patched” a bug in March 2018 that potentially allowed app developers to access profile data from users that had not been marked as public. The bug is said to have affected as many as 500,000 accounts.
The same month that the bug was discovered, Facebook’s Cambridge Analytica data scandal came to light, prompting politicians on both sides of the Atlantic to call for hearings and regulation
Google is keen on keeping this security flaw a big secret as their legal team has warned even the senior executives at the company that disclosing the security flaw could lead to “immediate regulatory interest.”
Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.
“Every year, we send millions of notifications to users about privacy and security bugs and issues,” a spokesperson for Google said in a statement provided to CNN Business. “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blogpost.