After another data leak, its second such leak in a year, Google today announced it was shutting down its beleaguered social media platform, Google+. API access will shut down even sooner, within the next 90 days.
The newest vulnerability affected 52.5 million users, according to Google. Profile information, including names, email addresses, age, and occupation were all exposed. Worse, accounts set to private were still affected. Apps may have also stolen data stolen with specific Google+ users, but not publicly.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” says David Thacker, VP of project management at Google, in a blog post. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.”
Thacker says Google discovered the bug as part of its standard testing procedure, stating that there is “no evidence” that developers who had access to this data were aware of it, or had misused it.
Google has already begun notifying users affected by the bug.
In October, a similar Google+ vulnerability may have exposed data to app developers for as long as three years. The bug was discovered in March, but not publicly disclosed until October.
This leak, Thacker says, was discovered on its own, and live for just six days.