As many as 5 lakh users had their personal information at risk which led to Google shutting down its social networking site.
Ben Smith, Google Fellow and vice-president of engineering, in a blog post on Monday, said that the Indian-American headed company could not confirm which users were impacted by the bug.
The technical bug was revealed to be a part of an effort called ‘Project Strobe’ started by Google earlier this year. It is a root-and-branch review of third-party developer access to Google accounts and Android device data and of the company’s philosophy around apps’ data access, as stated by Smith.
“This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened,” Smith said.
The internet giant ran a detailed analysis over the two weeks prior to patching the bug. It was concluded in their analysis that up to 500,000 Google+ accounts were potentially affected and up to 438 applications may have used this API.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” he stated.
According to the first reports in the Wall Street Journal, a software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue.
However Google Plus will not be shut down immediately.
“To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data,” Smith mentioned.
Google also announced launch of more technically more fine- grained Google account permissions that will show in individual dialog boxes.
“When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission,” he said.
Sunder Pichai, the Indian-American CEO of Google, was briefed on the plan to not notify users after an internal committee had reached that decision, The Wall Street said quoting unnamed sources.