The consumer version of Google+ is going away sooner than originally planned. In October of this year, Google announced its plans to shut down the consumer version after low use and API vulnerabilities. Google intended to give users 10 months to download data and migrate away from the service. Now, another data leak was discovered, and Google will end access in April 2019.
The new leak was caused by a bug included in a November software update. The bug directly affected the Google+ API. Accordingly, Google will expedite the shutdown of the API. It now plans to shutdown all Google+ APIs in the next 90 days.
Google continues to investigate the impact of the bug, but so far it has found:
- approximately 52.5 million users were impacted
- apps that requested permission to view profile information through the API were granted permission (even when profile information set to no-public)
- no financial, national identification numbers, passwords, or similar data was exposed
- no third party compromised Google systems, nor has evidence of misuse been detected
So far, it doesn't seem like malicious behavior ensued because of this. However, this is multiple vulnerabilities in a little amount of time on a Google product that has been a significant under performer. Google is likely glad this social experiment is coming to an end.