A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, the report said, citing documents and people briefed on the incident. Thankfully, according to Google, no developer was aware of the bug, was misusing the Google+ API, or had misused private data from users' profiles. It is a root-and-branch review of third-party developer access to Google accounts and Android device data and of our philosophy around apps' data access, he wrote.
Google's failed attempt at a social media platform, Google+, will soon be coming to an end. "While our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption". As a result of a software bug related to the APIs used for Google+, 438 apps potentially had access to names, birthdates, email addresses, profile photos, occupations and more data covering 496,951 Google+ users.
A Google Australia spokesperson was unable to say how many local users were affected by the flaw, saying: "Every year, we send millions of notifications to users about privacy and security bugs and issues".
Despite the security gaff, Google officials opted not to disclose the problem at the time over fear of intense criticism akin to what Facebook went through after its privacy problems.
Almost 500,000 members of the Google+ social networking site had their user profile data left out in the open, easily accessible to third-party developers for over two years.
Google today revealed it'd be shutting down the consumer version of Google+ in response to a previously undisclosed security flaw - and also because no one's really using it.
The US internet giant said that 90% of Google+ user sessions lasted only five seconds long or less.
On Android, Google will limit apps ability to receive users call logs and short messaging service (SMS) data.
Companies have to inform a supervisory authority within 72 hours of a personal data breach under the EU's General Data Protection Regulation (GDPR) - unless the breach is not likely to risk the rights and freedom of affected users.