The WSJ has reported a major breach at Google that has compromised data of hundreds of thousands of Google+ users. It is believed that many third-party developers have accessed their data sometime in March this year. The fear of attracting regulatory scrutiny and the subsequent damage it could cause to its reputation has prevented Google from making the breach public according to news sources.
Google+ was rolled out in 2011 to confront Facebook. The site evolved several times after it was launched could not achieve real success despite numerous changes and updates over the roughly seven years of its existence. The company’s attempt to make Google+ a self-sustaining social network to rival Facebook, Instagram or Pinterest fell way short of expectations.
Google said that the potential breach which affected up to 500,000 Google+ accounts was caused by a bug in an API. Their analysis reveals that 438 applications may have used this API.
However, Google insists that there is no evidence of any misuse of profile data. The company says that the consumer version of Google+ will be shut down and they will maintain a basic version of the site as an enterprise communication tool.
In a recent blog post, the company said, “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.” The closure will happen in August 2019 after a fair transition period of 10 months. The company is also making moves to enhance consumer control over data shared with app developers.
The move is unlikely to affect marketers as they weren’t relying on Google+ greatly in the first place. However, the breach is being viewed in the larger context of the recent developments in the area of data privacy and security.
Tech giants Google and Apple are now giving users enhanced control over data. They can now limit the exposure of data to third parties.
The latest development is expected to add fire to the privacy debate. Companies can expect stringent federal regulations that can preempt any new local privacy and data security laws. Data breaches will be dealt with more strictly.
Postscript: Google has disputed the portrayal of the Google+ development as “data breach” and has offered the following comment:
Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.
Our Privacy and Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met here.
The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.