Google has announced that its shutting down the consumer version of its social networking website Google Plus — a competitor to Facebook that the technology giant launched in 2011. This update came right after the announcement that a bug in Google Plus may have exposed the data of up to 5,00,000 users to external developers. The bug was reportedly present in Google Plus’ systems for more than two years.
The technology giant said in blog that first discovered and patched the leak in March this year. The company goes on to say that at that point in time, it had no evidence of breach of any data or that any developer was in knowledge of the bug.
After the announcement, shares of Google‘s parent company, Alphabet Inc, were down 1.5% at $1150.75.
According to a report in The Wall Street Journal, Google had chosen not to reveal the bug with its API (Application Program Interfaces) because it feared scrutiny by regulatory authorities.
Google has said that analysed the issue and looked for the kind of data involved, if there was any evidence of misuse, whether users who had to be informed could be identified accurately, and if any actions could be taken by the developers.
The company further said that, “None of these thresholds were met in this instance. We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
Going by the European Union’s General Data Protection Regulation, if users’ personal data is compromised, a supervisory authority needs to get informed about the breach by the company within 72 hours. The only exception to this is a case where the breach was not likely to result in a risk to users’ rights and freedom.
Speaking on the matter, Geoffrey Parker, an engineering professor at Ivy League college Dartmouth said, “It seems like the downside risk of having a story that says they intentionally hid information about a major breach from users is bigger than the upside of avoiding scrutiny. I wonder if there wasn’t more depth to the internal debate.”
The technology giant said that the software bug in its social networking website gave external developers a potential access to private data of the users between a major revamp of the platform in 2015 and March 2018 — when the issue was finally discovered.
However, only static data including name, email address, occupation, gender and age was affected.
The report in The Wall Street Journal states that a memo was prepared by Google’s legal and policy staff which was shared with the senior executives of the company. It stated that disclosing the data breach would lead to “immediate regulatory interest” — much like Facebook did after user information from the platform got leaked to Cambridge Analytica.
According to The Wall Street Journal, after the internal committee had decided on their course of action, Google Chief Operating Officer was told not to inform the users about the data breach.
Google also faced criticism for not sending a top executive to a Senate Intelligence Committee hearing on September 5 which was held to discuss what measures can be taken to stop foreign influence in US Elections. The hearing was attended by Facebook‘s Chief Operating Officer and Twitter’s Chief Executive. But Google’s top lawyer was rejected as a witness by the committee and an empty chair was left for the company during the hearing.