Google revealed Monday that its soon-to-be-shuttered social network suffered from another security lapse, a software bug that could have allowed third-party apps and developers to gain access to 52 million users’ personal information without their permission.
For six days in November, an update to the underlying code of Google+ meant that apps seeking to access users’ profile information — including their names, email addresses, occupations and ages — could view that data even if it was “set to not-public,” Google said in a blog post. Apps could have accessed some non-public profile data that had been shared with a user, as well.
Google said that its systems had not been compromised and that there’s “no evidence that app developers” were aware of the bug or “misused it in any way.” But the revelation threatens to sharpen the scrutiny of the company’s chief executive, Sundar Pichai, when he testifies to Congress on Tuesday.
The security mishap is the latest stumble for Google’s problematic social media offering. In October, Google acknowledged it had failed for six months to reveal information about a bug that put at risk the data of hundreds of thousands of users.
Among those looped into the discussions about delaying public notification was Pichai, a person familiar with the matter said at the time. Google said it delayed the release of the information because it was initially uncertain about which users were affected or whether the data had been misused.
In response to its latest findings, Google said Monday that it would shutter its social network in April 2019, five months sooner than it initially announced. The company also said it would inform affected users, including “any enterprise customers.”
“We understand that our ability to build reliable products that protect your data drives user trust,” wrote David Thacker, a vice president for product management at Google. “We will never stop our work to build privacy protections that work for everyone.”
Google discovered its earlier Google+ security bug in March, the same month that Silicon Valley rival Facebook was facing scrutiny over its role in allowing people affiliated with political consultancy Cambridge Analytica to collect data on 87 million users. That incident prompted demands that Facebook chief executive Mark Zuckerberg testify on Capitol Hill, as he soon did.
The Federal Trade Commission has investigated privacy incidents at Google and other leading technology companies on several occasions. Google signed a consent decree with the FTC in 2011 to settle allegations that an earlier social media platform, Google Buzz, mishandled user data.