Google admits to security flaw it failed to disclose

Google found a “software glitch” in its Google+ social network in March that could have exposed the personal data of as many as half a million users, but decided not to tell the public until Monday.

Google chose not to disclose the flaw out of concern it would trigger a regulatory backlash, especially in the wake of criticism against Facebook for its privacy failures, according to The Wall Street Journal, which initially reported the news on Monday.

In a statement posted to its blog minutes after the report, Google said it plans to shut down Google+ for consumers and introduce new privacy tools restricting how developers can use information on Google products ranging from e-mail to file storage.

The Internet giant found the flaw in March during an extensive privacy and security review of all its products, Ben Smith, Google vice president of engineering, said in the statement.

An internal committee decided not to disclose the potential breach of Google+ because there wasn’t evidence of any misuse of the exposed data, which included names, e-mail addresses, ages and occupations, Smith said. The bug was immediately fixed at the time, he said.

Alphabet shares fell 1.5% to US$1 150.73 at 2.04pm in New York, after earlier dropping to $1 135.40, the lowest intraday price since 5 July.

The news adds to Google’s woes and further erodes the narrative that Facebook is the worst offender of the major technology companies on data policy.

Harsh criticism

Facebook has received months of harsh criticism for allowing a developer to spirit away user information and pass it to a political firm that worked in 2016 for Donald Trump’s election campaign.

In the last two months, US politicians on both sides of the aisle have stepped up their attacks on Google, with Republicans accusing it of harbouring biases against them and Democrats questioning whether the company has gotten too big and powerful.

Google+ has never caught on as a social platform. The company said it will be shut down over the next 10 months for consumers, but will remain a platform that businesses can use for internal employee communications.  — Reported by Gerrit De Vynck, (c) 2018 Bloomberg LP