Google a.k.a Alphabet (NASDAQ:GOOG) (NASDAQ:GOOGL) is pulling the plug on its Google Plus social network. That is, Google Plus won’t be a social network for the general public anymore — the service will stick around for corporate users.
Part of the problem since Alphabet cited is weak consumer interest in the service, but it took a security breach to finally motivate Google to shut platform down.
According to a report in the Wall Street Journal, Google discovered a bug in Google+ code in March and promptly fixed it, but decided not to reveal its existence. An internal Google memo cited by the newspaper showed that executives were worried about the damage the news would do to Google’s reputation at a time when Facebook was already under fire for mishandling customer data in the Cambridge Analytica affair.
Google did not tell its users about the security issue when it was found in March because it didn’t appear that anyone had gained access to user information, and the company’s “Privacy & Data Protection Office” decided it was not legally required to report it, the search giant said in a blog post.
The decision to stay quiet, which raised eyebrows in the cybersecurity community, comes against the backdrop of relatively new rules in California and Europe that govern when a company must disclose a security episode.
Up to 438 applications made by other companies may have had access to the vulnerability through coding links called application programming interfaces. Those outside developers could have seen user names, email addresses, occupation, gender and age. They did not have access to phone numbers, messages, Google Plus posts or data from other Google accounts, the company said.
Google said it had found no evidence that outside developers were aware of the security flaw and no indication that any user profiles were touched. The flaw was fixed in an update made in March.
Google looked at the “type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance,” Ben Smith, a Google vice president for engineering, wrote in the blog post.
The disclosure made on Monday could receive additional scrutiny because of a memo to senior executives reportedly prepared by Google’s policy and legal teams that warned of embarrassment for the company — similar to what happened to Facebook this year — if it went public with the vulnerability.
Early this year, Facebook acknowledged that Cambridge Analytica, a British research organization that performed work for the Trump campaign, had improperly gained access to the personal information of up to 87 million Facebook users. Mark Zuckerberg, Facebook’s chief executive, spent two days testifying in congressional hearings about that and other issues.
