Alphabet said Google will shut down the consumer version of its failed social network Google+ and tighten its data sharing policies, Reuters reported.
Google on Monday said that private profile data of at least 500,000 users may have been exposed to hundreds of external developers.
Google discovered the issue and patched in March as part of a review of how Google shares data with other applications, Google said in a blog post. No developer exploited the vulnerability or misused data, the review found.
The Wall Street Journal reported earlier that Google opted not to disclose the security issue due to fears of regulatory scrutiny.
Google feared disclosure would invite comparison to Facebook’s leak of user information to data firm Cambridge Analytica.
Google said none of the thresholds it requires to disclose a breach were met after reviewing the type of data involved, whether it could identify the users to inform, establish any evidence of misuse, and whether there were any actions a developer or user could take to protect themselves.
Google+ launched in 2011 as the advertising giant grew more concerned about competition from Facebook, which could pinpoint ads to users based on data they had shared about their friends, likes and online activity.
Google+ copied Facebook with status updates and news feeds and let people organize their groups of friends into what it calls “circles.”
But Google+ and the company’s other experiments with social media struggled to win over users because of complicated features and privacy mishaps.
Facebook introduced a feature that allowed users to connect their accounts with their profiles on dating, music and other apps.
Google followed suit, letting outside developers access some Google+ data with users’ permission. The bug disclosed on Monday, introduced in a software update, exposed private data including name, email address, occupation, gender and age, Google said. It could not definitely say how many users were affected because it said it keeps only two weeks of such records.
Google+ will remain an internal networking option for organizations that buy Google’s G Suite, a bundle of apps for creating documents, spreadsheets and presentations.
Google’s plan to withdraw the free version of Google+, scheduled for August, could help strengthen its case to U.S. policymakers and regulators that it is different from Facebook, which has faced political heat over allegations that data belonging to 87 million of its users was improperly shared with political consultancy Cambridge Analytica.
Google refused to send CEO Sundar Pichai to a Senate Intelligence Committee hearing on Sept. 5, where Facebook’s COO and Twitter’s CEO testified. An empty chair was left for Google after the committee rejected Google’s top lawyer as a witness.
Several policies Google introduced on Monday are designed to curb the data accessible to developers offering mobile apps on the Google Play store or add-on apps for sending and organizing Gmail messages.
Play Store apps will no longer be allowed to access text message and call logs unless they are the default calling or texting app on a user’s device or have an exception from Google.
Gmail add-ons available to consumers starting next year will be barred from selling user data and be subject to a third-party security assessment that will cost them about $15,000 to $75,000, Google said.