Goodbye, Google+. The end of the little-used social media site, originally scheduled for August, has been moved up to April after a new vulnerability was found. Google+ could never gain traction among its user base, not to mention that its integration into YouTube’s comment system infuriated countless users. When the phasing out of Google+ was originally announced by Google in October, the company stated that the consumer version would be eliminated by August.
In a post written by David Thacker, vice president of Google’s product management and G Suite, it was announced that Google+ would be eliminated in April due to a severe vulnerability uncovered during routine tests. The vulnerability was described as follows:
We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API... with respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public... in addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
The post went on to insist that no consumers were compromised via system breaches, but especially in the case of Google, I would take this claim with a grain of salt. This is a PR nightmare for the company, but more importantly, it is a security nightmare for experts and civilians alike. Anyone who ever had a Google+ account, even if they never used it, should keep a lookout for any suspicious activity that might indicate their personal data was compromised.