Google Plus to close after bug leaks personal information

Search giant likely to face heightened scrutiny after mishap exposes personal information of 500,000 users

People walk by Google's offices in New York, December 4, 2017. (AP Photo/Mark Lennihan, File)
People walk by Google's offices in New York, December 4, 2017. (AP Photo/Mark Lennihan, File)

SAN FRANCISCO (AP) — Google is shutting down its long-shunned Plus social network for consumers, following its disclosure of a flaw discovered in March that could have exposed some personal information of up to 500,000 people.

The announcement came in a Monday blog post, which marked Google’s first public description of the privacy bug.

Google deliberately avoided disclosing the problem at the time, in part to avoid drawing regulatory scrutiny and damaging its reputation, according to a Wall Street Journal story that cited anonymous individuals and documents.

The Mountain View, California, company declined to comment on the Journal’s report, and did not fully explain in its blog post why it had held off revealing the bug until Monday.

The Google Plus flaw could have allowed up to 438 external apps to scoop up user names, email addresses, occupations, genders and ages without authorization. The company said it did not find any evidence that any of the personal information affected by the Plus breach was misused.

The timeline laid out by Google indicates that the company discovered the privacy lapse around the same time that Facebook was under fire for a leak in its far more popular social network. Facebook’s breakdown exposed the personal information of as many as 87 million of its users to Cambridge Analytica, a data mining firm affiliated with US President Donald Trump’s 2016 campaign.

Congress summoned CEO Facebook CEO Mark Zuckerberg to be grilled about his company’s privacy issues in April.

Google CEO Sundar Pichai recently declined an invitation to travel to Washington to testify before the Senate about foreign governments’ manipulation of online services to sway US political elections. His absence incensed some lawmakers, who left an empty chair for Google alongside the Twitter and Facebook executives who appeared before the Senate committee in September.

“With this breach announcement, the empty seat bearing Google’s name just became a lot hotter,” said Mike Chapple, an associate professor of information technology, analytics and operations at the University of Notre Dame.

Pichai went to Washington to mend political fences with lawmakers in late September and agreed to participate in a White House roundtable on technology that Trump intends to attend. He also will appear in House hearings after the midterm elections in November.

Google has a strong incentive to position itself as a trustworthy guardian of personal information because, like Facebook, its financial success hinges on its ability to learn about the interests, habits and location of its users in order to sell targeted ads.

The desire to peer into people’s lives is one of the reasons that Google launched Plus in 2011. It was supposed to be a challenger to Facebook’s social network, which now has more than 2 billion users. But Plus flopped and quickly turned into a digital ghost town, prompting Google to start de-emphasizing it several years ago.

In the end, it appears the company may have kept it open just long enough to cause an embarrassing privacy gaffe that could give Congress an excuse to enact tighter controls on data collection.

“Every data mishap strengthens the bipartisan case for Congress to take action on data protection,” said Jonathan Mayer, an assistant professor at Princeton University, who formerly worked in the Federal Communications Commission’s enforcement bureau.

Europe began to impose tougher online privacy regulations in May. Those rules also include disclosure requirements for data breaches. Those rules do not apply to the Plus problem because Google discovered it before they took effect.

Most Popular
read more: