Google hasn't really done anything with Google+ in years, and so it's not surprising to learn Google is finally killing the social network.

It is surprising, however, that the move comes immediately after the disclosure of a security breach and a damning Wall Street Journal report.

Why is Google+ shutting down?

Google plans to shutter the consumer version of Google+, the company has announced in a blog post. Currently, Google+ has “low usage and engagement", according to Google, and 90 percent of user sessions last less than five seconds. 

But the decision to shut down Google+ seems largely due to a previously undisclosed security breach that exposed users’ profile data. 

You see, Google+ users could grant access to their profile data to third-party apps - just like users could with Facebook and Twitter. Google+ users could even allow a third-party app to access the public information of friends. The Google+ bug that's been discovered and disclosed was located in the Google+ People API. And it allowed third-party apps to gain access to users' data that was private.

Who's affected by the bug?

Up to 438 apps may have used the offending Google+ People API, and the profiles of up to 500,000 Google+ accounts were potentially affected, according to Google. However, The Wall Street Journal made the API bug seem worse. It may have leaked user data since 2015 and was apparently found when Google started checking its sites for privacy leaks ahead of the GDPR rollout.

The Wall Street Journal claimed Google tried to cover the breach, rather than make it public, to avoid "immediate regulatory interest".

Has the bug been patched?

Yes. Google said it discovered and patched the API bug in March 2018.

"We believe it occurred after launch as a result of the API's interaction with a subsequent Google+ code change," Google explained. It also found "no evidence that any developer was aware of this bug, or abusing the API", and it found "no evidence that any profile data was misused".

Google also announced new API changes in an effort to restrict developers’ access to data on Android devices and Gmail. For instance, it is limiting the ability to receive call logs and SMS permissions on Android devices. It will also stop allowing contact interaction data available through the Android Contacts API. For Gmail (the consumer version), Google is updating its User Data Policy and limiting apps' access to data.

When will Google+ shut down?

Google wants to complete the sunsetting process for the consumer version of Google+ by August 2019. But it also wants to keep the service going for enterprise customers. "Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network," Google explained.

How to download your Google+ data

Over the coming months, Google will update users with additional information, including ways to download and migrate data.