The private information of over 500,000 Google users was accessible to 438 application development companies, and Google chose not to tell anyone for over 6 months.
The search giant, now a subsidiary of Alphabet Inc (GOOGL), has decided phase out the consumer-level services of its floundering social networking platform Google+, which was the source of the breach, over the next several months. The company reports that the compromised information included birthdates, profile photos, email addresses, and gender, all of which was made accessible due to a bug in their software rather than a malicious attack.
The long-avoided disclosure was made in a blog post by Google earlier today. According to some reports, Google intended to keep it quiet as long as possible to avoid regulatory reprisal and damage to the company’s reputation. It is unclear if the company will be subject to penalties or damages for not reporting the breach sooner.
The current news strikes a familiar chord for Americans, who over the past year have heard reports and testimonies from several tech giants over their privacy standards and security practices. Millions of Facebook (FB) users were put on alert just months ago that their information had been accessed by third-party companies, while Twitter (TWTR) and Google have also been probed by the Federal government about privacy and national security issues, such as election manipulation by foreign entities.