"As part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs [application programming interfaces]: Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API. The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public … We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change," Google’s blog post read.
"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," Google underlined.
Earlier in the day, the Wall Street Journal newspaper reported about the the bug and said that Google decided to conceal the information about the security breaches in order to avoid reputational damages as well as comparisons to Facebook’s Cambridge Analytica scandal.
The tech giant decided to shut down the consumer version of the Google+ social network. It will give users a 10-month transition period to let them download and transfer their data, while the Google+ for enterprise customers will remain intact due to its high popularity as corporate social network.