According to an initial report by The Wall Street Journal, Google exposed the personal information of hundreds of thousands of users of Google+ due to a security bug that allowed third-party developers to gain access to this information.
The company reportedly discovered the bug in March this year but decided against going public with the information, stating that it would lead to “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” according to an internal memo.
“[W]e ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API,” said Ben Smith, Google Fellow and Vice President of Engineering, in a blog post outlining the company’s decision to shut down Google+ and findings of its Project Strobe security audit.
This Google report came just minutes after the WSJ report was published. While shutting down Google+ will not have any meaningful effect on the company’s bottom line, as 90% of Google+ sessions were less than 5 seconds, the coverup will likely draw significant scrutiny in the weeks and months to come.
Shares of Alphabet (GOOGL) finished the day down 1.02% on the reports.