Google announced on Monday that it would be shutting down its social media platform “Google+” after a massive data breach was discovered. According to Reuters, the breach may affect up to 500,000 users and was most likely caused by a bug that infected the site more than two years ago.
Although the bug was only announced this week, a report from Reuters states that Google knew about the breach as early as March of this year. The company also stated that they had no reason to believe the personal data of any of the effected users was captured or used nefariously.
“None of these thresholds were met in this instance,” Google officials said according to Reuters. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
According to a report from the Wall Street Journal, Google decided to keep the breach quiet to avoid new regulations and to save the reputation of the brand.
“It seems like the downside risk of having a story that says they intentionally hid information about a major breach from users is bigger than the upside of avoiding scrutiny,” said Dartmouth’s engineering professor Geoffrey Parker while speaking to Reuters. “I wonder if there wasn’t more depth to the internal debate.”
Google is just the latest in a series of tech companies that have had issues with cybersecurity. Recently, Facebook announced that about 50 million of its users were exposed to a data breach after a glitch with the system’s “view as” feature left valuable login keys open for hackers.
Facebook’s recent announcement led to some legislators calling for more regulation; a situation that Google cited as the reason they hid their data breach.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” said Senator Mark Warner, via a statement.
Even without the bug, Google+ was underwhelming compared to other products offered by the company. According to a memo from Google’s Fellow and Vice President of Engineering Ben Smith, Google+ has been more or less a commercial failure.
“While our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption and has seen limited user interaction with apps.”
Smith also stated that the average Google+ user spend about five seconds or less logged into the application.
In the wake of the announcement, shares of Alphabet were down by about one percent. According to Market Watch, Facebook, which was Google+’s biggest competitor finished up slightly on Monday. Although the consumer version of Google+ will be scrapped, the company will continue to offer it as an “enterprise product” available to companies.