This March, as Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytica, Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.
It said a bug in its software meant information that people believed was private had been accessible by third parties.
Google said up to 500,000 users had been affected.
According to a report in the Wall Street Journal, the company knew about the issue in March but did not disclose it.
The WSJ quoted an internal Google memo that said doing so would draw “immediate regulatory interest”.
In a statement, the firm said the issue was not serious enough to inform the public.
“Our Privacy and Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response.
“None of these thresholds were met here.”
Google+ was launched in 2011, quickly becoming known as a failed attempt to compete with Facebook.
Now, after several years of speculation that it was going to be shut down, Google is bringing Google+ for consumers to an end.
Google said it would continue to offer private Google+ powered networks for businesses currently using the software.
“It has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps,” wrote Ben Smith, Google’s vice president of engineering, in a blog post on Monday.
In the past, the company had been reluctant to share data on how often Google+ was used, but now, facing the fall out of exposed data, the firm appears keen to play down its importance.
“The consumer version of Google+ currently has low usage and engagement: 90% of Google+ user sessions are less than five seconds.”
Shares in Google’s parent company Alphabet fell by 1.23%
David Carroll is a US professor who sued Cambridge Analytica earlier this year to find out what data the company had stored about him. He said that given the legal issues Facebook faces over its Cambridge Analytica cover-up, it’s not surprising Google tried to keep the leak out of the public eye.
“Google is right to be concerned and the shutdown of Google+ shows how disposable things really are in the face of accountability,” he said.
For others, the leak was further evidence that the large technology platforms need more regulatory oversight.
“Monopolistic internet platforms like Google and Facebook are probably ‘too big to secure’ and are certainly ‘too big to trust’ blindly,” said Jeff Hauser, from the Centre for Economic and Policy Research.
He argued that the US Federal Trade Commission should move toward “breaking these platforms up”.
“In the interim, since we cannot trust that we know much or even most of what ought to concern the public, the FTC should install public-minded privacy monitors into the firms as an element of accountability.”