After announcing in October it would be shuttering Google+, its little-loved social media site, Google today announced that, thanks to yet another security flaw, the end would have to come much sooner than originally expected. The site will now shut down completely in April, rather than August, and access to the API network will be cut off in the next 90 days.
What could have happened to make Google hit the proverbial panic button? How about a bug that affects over 50 million users?
According to David Thacker, Google’s VP of product management, a November software update contained a security bug that potentially impacted 52.5 million users. While the company fixed the flaw within a week of its being released, Thacker says the app developers could have accessed a wealth of information in those six days:
With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile — like their name, email address, occupation, age — were granted permission to view profile information about that user even when set to not-public. In addition, apps with access to a user‘s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
Just as with the original bug that brought the site down, Thacker says the company has no evidence third-party developers misused the bug or were aware it existed. Nevertheless, the powers that be have apparently concluded that the site is more trouble than it’s worth — and they’re probably right, given the scrutiny Google is under.
Thacker also says user security is the company’s top priority, more so than the inconvenience to developers: “We understand that our ability to build reliable products that protect your data drives user trust… We will never stop our work to build privacy protections that work for everyone.
Google says it’s currently reaching out to users impacted, and it’ll continue to offer tools to those who want to save or migrate their data. Whoever’s doing that might want to do it fast — there’s no telling when the next security bug will come along and force Google to accelerate the shutdown even more.