Another data breach just moved up Google+’s date with death.
It was announced in October that Google's killing off its much maligned answer to Facebook, Google+. While not surprising by itself, what did come as a surprise was the data breach that apparently served as the catalyst for Google to finally pull the plug on the platform. But now, Google has admitted that the platform suffered a second security breach.
With this revelation comes news that Google+ will shut down in April 2019, instead of the original plan of August, and the API for the website will stop functioning in 90 days. Here's what you need to know.
Why is Google+ shutting down?
Google announced plans to shutter the consumer version of Google+ via a blog post in October 2018. The original plan was to have a sunsetting period that would last until August 2019. With the announcement of a second breach in December 2018, that timetable has been moved up to April 2019.
Currently, Google+ has “low usage and engagement", according to Google, and 90 percent of user sessions last less than five seconds. But the decision to shut down Google+ altogether was largely due to the October 2018 security breach.
You see, Google+ users could grant access to their profile data to third-party apps - just like users could with Facebook and Twitter. They could even allow a third-party app to access the public information of friends. The breach consisted of a Google+ bug - located in the Google+ People API - that allowed third-party apps to gain access to users' private data.
Who's affected by the breach?
October 2018 breach
Up to 438 apps were using the offending Google+ People API, and the profiles of up to 500,000 Google+ accounts were potentially affected, according to Google. However, The Wall Street Journal made the API bug seem worse.
It may have leaked user data since 2015 and was apparently found when Google started checking its sites for privacy leaks ahead of the GDPR rollout. The Wall Street Journal claimed Google tried to cover the breach, rather than make it public, to avoid "immediate regulatory interest".
December 2018 breach
Google noticed another bug in its API in December 2018. It allowed developers to access personal information of users, even if that information was set to private. While Google said its internal investigation turned up no evidence that any developers used the bug to access data they shouldn’t have, this breach is still significant.
It has the potential to leak names, email addresses, gender, birthday, and more for over 52 million Google+ users.
Have the bugs been patched?
Google claims to have patched both bugs. Regarding the newest one, Google said it was only active within its system for less than a week, and was caught quickly thanks to routine testing.
Google reiterated in a statement that, “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
When will Google+ shut down?
Google originally wanted to complete the sunsetting process for the consumer version of Google+ by August 2019, but that was moved up to April 2019 with the announcement of the second breach.
It still wants to keep the service going for enterprise customers.
"Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network," Google explained. Of course with each breach, the application becomes less viable as something businesses will want to trust their employee data with.
How to download your Google+ data
Google once again promised users a way to download their data from Google+ before it shutters, but offered no specifics on when that might come.