Google deliberately avoided disclosing the problem at the time, in part to avoid drawing regulatory scrutiny and damaging its reputation, according to a Wall Street Journal story that cited anonymous individuals and documents.
A software glitch in the Google+ social network exposed the personal information of hundreds of thousands of people using the site between 2015 and March 2018, according to a report in the Wall Street Journal.
The Google Plus data potentially exposed includes names, email addresses, occupations, dates of birth, genders and profile photos. The glitch was live for almost three years, according to the reports, but Google decided not to make the breach public because it feared regulation. The social network, which was launched in 2011, was initially supposed to be a response to Facebook and Twitter, but it has ceased to exist outside of a handful of niche communities for years.
The company said it determined its course of action based on the data involved in the breach, lack of evidence of misuse and challenges in accurately determining which users to inform. "None of these thresholds were met in this instance". Google itself says the issue was quietly resolved in March 2018, but not before third parties obtained private user data off of Google+ profiles.
One of the changes that Google is making to help give users even more control over their data is more in-depth permission dialog boxes.
Android data access is being restricted to app developers.
Meanwhile, the company said it was unable to confirm which accounts were affected by the bug it discovered, but an analysis indicated it could have been as many as 500,000 Google+ accounts.
For Google, a data privacy reckoning may finally come as a result of a service that it admits nearly no one uses much anymore.
The issue apparently came about when a user granted permission to an app, allowing it to access their public data. In the company's own words, "90 percent of Google+ user sessions are less than five seconds". The company, however, can not confirm which users were affected by the bug when it was active from 2015 to 2018. This is very similar to how Cambridge Analytica was able to collect data on millions of users too.
On Android, Google will limit apps ability to receive users call logs and short messaging service (SMS) data.
What's more, Google says these apps will have to agree to new rules around handling Gmail data and will be subject to 'security assessments'.