Google is accelerating plans to shut down its Google+ social network after another bug was found in the software, affecting as many as 52.5m users. This second security flaw allowed "name, email address, occupation, and age" to be exposed to third-party developers, even if accounts had been set to private.
The news comes after Google had already announced plans to shut down Google+ back in October, when a flaw impacting 500,000 users was exposed. The social network, which had never made a wide impact, was initially set to shut down in August 2019.
"With the discovery of this new bug, we have decided to expedite the shutdown of all Google+ APIs; this will occur within the next 90 days," said David Thacker, head of product management for G Suite at Google. "In addition, we have also decided to accelerate the sun-setting of consumer Google+ from August 2019 to April 2019. While we recognise there are implications for developers, we want to ensure the protection of our users."
The flaw was discovered by Google staff during routine testing, and had only been present in the system since November, after Google had already made the decision to close down the platform. There is no evidence that the flaw had been exploited by bad actors, but it does beg the question how such a massive flaw could be introduced to a system that had already been investigated for a data breach.
The timing of the breach is poor for Google CEO Sundar Pichai, who is due to appear in front of a Congressional committee in Washington DC this week. The hearing is primarily to discuss the possibility of political bias across Google's products, but questioning will likely stray into other areas, including Google+.
The firm was criticised back in October for failing to disclose the initial data leak on the platform, which was discovered in March 2018. Internal memos suggested that the public was not informed because Google and parent firm Alphabet were worried about additional regulatory oversight.