Google exposed private data from hundreds of thousands of Google+ users and then chose not to inform those affected by the issue. The Wall Street Journal reports that sources close to the matter claim the decision to keep the exposure under wraps was made among fears of regulatory scrutiny. Google says it discovered and immediately fixed the issue in March of this year.
According to the Wall Street Journal’s sources as well as documents reviewed by the publication, a software vulnerability gave outside developers access to private Google+ user data between 2015 and 2018. And an internal memo noted that while there wasn’t any evidence of misuse on behalf of developers, there wasn’t a way to know for sure whether any misuse took place. Google said that it also found no evidence that any of the developers behind the 438 applications that used the API in question were aware of the bug. Exposed data included names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.