In October, Alphabet announced it would begin shuttering its failed social network, Google+, after internal investigations revealed bugs that could have leaked user info. The proposed 10-month sunsetting period has been cut down to a mere 90 days now that an additional API bug was discovered, affecting some 52.5 million users.
Your first reaction may very well be “holy shit, Google+ has 52.5 million users?” and yes, we share your surprise. The scale of Alphabet’s dwindling social network is unfortunately matched by the depth of personal data that this bug apparently made available, which included full names, ages, genders, relationship statuses, email addresses, occupations and/or schools attended, and places of residence. The bug, according to Google, “granted permission to view profile information about that user even when set to not-public” during the six days between when it was introduced in November and when it was fixed.
As was the case with the last bug discovery, Google+ represents such an irrelevant target that its parent company claims to have found “no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.” Then again, more details may emerge, and if they do, it wouldn’t be the first time a tech company downplayed the impact of a data leak.
Google, for reasons unknown, affirmed that although the public-facing portion of Google+ will wheeze its last in April, the company will “continue to invest in Google+ for enterprise,” whatever that means.
If you receive notice that your Google+ data was misused, or work for Alphabet and know something about this situation, don’t hesitate to send us a tip. We’re available via email, Keybase, or anonymously via our Secure Drop server.