A bug in the Google+ social media service left about 500,000 user accounts open to being compromised, though there is no evidence anyone’s personal information was misused, the company said Monday.
Google said it was shutting down the consumer portion of Google+, which it acknowledged had not caught on with the general public. (The company said 90 percent of all user sessions lasted 5 seconds or less.)
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” Google said in a blog post.
The bug was patched last March. The Wall Street Journal reported that Google decided at the time not to disclose it to the public, which the company also addressed in the blog.
“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance,” it said.
As part of a broader security review, Google said it would limits developers’ access to certain Gmail data, as well as to call logs and messaging on Android phones.
The news comes less than two weeks after Facebook acknowledged its own breach, potentially exposing data on some 50 million users.