Google today announced their Google+ social platform will shut down sooner than previously announced. The service will sunset in April 2019, not August 2019, as previously announced. The accelerated closure of the service is due to a discovery that 52.5 million million users had been affected by a November software update bug affecting the Google+ API.
With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.
The bug is connected to a certain API that allows apps to view information connected to users’ profiles, even when the user had their data set to private.
Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue.
Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:
- We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
- With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
- In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
- The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
- No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
Ahead of the April 2019 sunsetting of the platform, the network’s APIs will be shut down within 90 days from today.