It said it had no evidence that any third-party developer was aware of the bug or had misused profile data. Google explained that there was indeed a glitch that could allow developers to access private profile information, including a user's name, email address, occupation, gender, age, and profile photo. The company adds that it can not confirm how many Google+ users were affected by this bug, but based on a detailed analysis it seems up to 500,000 Google+ accounts have been affected. However, Google claims to have no evidence that suggests that any external developer or app had access to the data.
Google in a blog post said that the security bug was discovered and immediately patched in March 2018.
Google is also making some changes to its Gmail API and is limiting Android apps that request to receive Call Log and SMS permissions. So a group of the company's executives ruled that the firm should stay quiet about the flaw, and reportedly informed Sundar Pichai, Google's CEO, of their decision.
Writing in a blog post Monday, Google attempted to downplay the incident, saying it hasn't found any signs that the bug was exploited. By doing this, it hopes to make users of Google's apps confident that their data is secure.
A Google spokesperson said there were "significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations".More news: Man detained in Germany over Bulgarian journalist's murder
More news: South Africa's finance minister Nhlanhla Nene resigns
More news: Wozniacki wins 30th title with China Open victory
"The consumer version of Google+ now has low usage and engagement: 90% of Google+ user sessions are less than five seconds", blog post reads.
The company will give 10-month period up to next August for the consumers. After they detected the bug, the company ran an analysis on the user's profile.
Google said that none of the requirements that will require to disclose a data breach were met by the Google+ bug, which is why it chose to keep it a secret until now.
Webroot senior threat research analyst Tyler Moffitt says, "Although it seems that Google has shut down an entire line of business due to this breach, from a GDPR perspective, the company appears to have gotten off lightly".
Users who connect third-party apps with Google will get more granular control over what data gets shared.