Commenting on the incident, Jessica Ortega, a website security analyst at Web security firm SiteLock, said the Google+ flaw allowed more than 400 apps using the Google+ API to access the personal information of approximately 500,000 users.
The Journal also reports that Alphabet chose not to disclose the issue this past spring, when the issue was first discovered, "in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage..." This is very similar to how Cambridge Analytica was able to collect data on millions of users too.
"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app", Google said. In addition, Google is limiting the ability of Android apps to obtain Call Log and SMS permissions on Android devices, and is no longer allowing access to contact interaction data through the Android Contacts API.
According to the company, profile information like name, email address and age from some users was available to apps, even if users had not marked it public.
Skripal poisoning suspect is Russian doctor who works for military intel
Using this identity, Alexander Petrov, travelled extensively to several European countries including Ukraine and Moldova. This is how British authorities discovered the two Russian agents allegedly behind the novichok attack.
"We discovered and immediately patched this bug in March 2018", Ben Smith, the company's vice president of engineering, wrote. "Earlier this year, right at the time they discovered this, the Facebook Cambridge Analytica data breach had just happened, there's a lot of regulator scrutiny of Facebook and tech companies and how they're handling data, and internally, they were anxious about being pulled into this conversation in a bigger way". Y'know...other than users' data, and consumer trust.
Action 1: We are shutting down Google+ for consumers. Please be aware that you will lose access to things like Google Photos, Gmail, Google Drive and other Google services. A document in the WSJ's possession warned that if it was disclosed, it could result in "us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal".
But it's not doing so exclusively out of concern for users' privacy: Smith admitted the network is not a success, saying "The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds".
The company told WSJ that shutting down Google+ is part of a recent effort to limit third-party developers access to its users' data, including Gmail add-on developers and Android app developers.
Google says it will give users a 10-month period to transition out of Google+, slated for completion by the end of next August.