Google announced Monday that it is shutting down Google+ for “consumers” amid reports that up to 500,000 people on the site had their personal information compromised.
The Wall Street Journal reported that the breach had possibly exposed the names, email addresses, birth dates, profile photos, and gender of users without their consent. The data leak was discovered this March, the newspaper reported, but wasn’t revealed for fear of backlash from regulators.
In a blog post, Google Fellow and Vice President of Engineering Ben Smith conceded that Google+ — first unveiled in 2011 — has “limited user interaction” and an average of five seconds of usage per each user’s session. It will be closed over a 10-month period.
He wrote that a “bug” exposed the data of as many as 500,000 people, although Google “cannot confirm” the exact numbers affected.
As news broke of the leak, many took to Twitter to joke about Google+ — with many saying they had never heard of it before at all.
However, Brian Fung, a technology reporter for The Washington Post, had a warning for people mocking the latest data leak.
He wrote that a 2012 article from Ars Technica, an outlet covering technology, showed “the sign-up process for Gmail also signed people up for Google+ unless they were super savvy about it.”
In other words, you might have a Google+ account and not even know about it — or that your data was potentially compromised. And your Gmail could be to blame. As reported by Forbes in 2015, there were an estimated 111 million “active profiles” on the Google+ site.
But don’t worry: There’s a way to use your Gmail to see if you have a Google+ account. And, as explained by Fung, it’s pretty easy.
It’s unknown exactly who was affected, Smith wrote in his blog post, but there’s no evidence any of the information was misused. He also explained why the company didn’t release details of the data breach until months later.
“Every year, we send millions of notifications to users about privacy and security bugs and issues,” he wrote. “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.
“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he continued. “None of these thresholds were met in this instance.”