AP Photo/Mark Lennihan, File

Google Shutting Down Google Plus Social Network After Data Breach

October 08, 2018 - 6:29 pm

MOUNTAIN VIEW, Calif. (WCBS 880/AP) -- Google is shutting down all consumer functionality of its social network, Google Plus.

The move follows Google’s disclosure of a flaw discovered in March that could have exposed some personal information of up to 500,000 people. It came in a Monday blog post , which marked Google's first public description of the privacy bug.

CBS News Tech Consultant Larry Magid told WCBS 880’s Steve Scott and Joe Avellar Monday that Google Plus was never very popular, and never took off as a competitor to Facebook or any other social media. But the data breach was the greatest concern.

“Now, Google says that they, a) don’t know which users were compromised, and b) they say there’s no evidence that any of that information could have gotten, or did get into the hands of attackers or other criminals. But nevertheless, that prompted them, I think, to say, ‘You know, this is more of a hassle than it’s worth to us,” Magid said.

Google deliberately avoided disclosing the problem at the time, in part to avoid drawing regulatory scrutiny and damaging its reputation, according to a Wall Street Journal story that cited anonymous individuals and documents.

The Mountain View, California, company declined to comment on the Journal's report, and didn't fully explain in its blog post why it held off on revealing the bug until Monday.

But Magid said it is a problem.

 “That’s very disturbing, and I’m not a lawyer, and nor have I looked recently at all the laws, but I think that California has a data breach disclosure law that requires companies to inform people if they could possibly have been a victim to a data breach,” he said.

Magid said Google should have said something – even if they could not give specifics. He also said it is likely that Google will be getting calls from state attorneys general.

The Google Plus flaw could have allowed up to 438 external apps to scoop up user names, email addresses, occupations, genders and ages without authorization. The company didn't find any evidence that any of the personal information affected by the Plus breach was misused.

The timeline laid out by Google indicates the company discovered the privacy lapse around the same time that Facebook was under fire for a leak in its far more popular social network. Facebooks' breakdown exposed the personal information of as many as 87 million of its users to Cambridge Analytica, a data mining firm affiliated with President Donald Trump's 2016 campaign.

Congress summoned CEO Facebook CEO Mark Zuckerberg to be grilled about his company's privacy issues in April.

Google CEO Sundar Pichai recently declined to an invitation to travel to Washington to testify before the Senate about foreign governments' manipulation of online services to sway U.S. political elections. His absence incensed some lawmakers, who left an empty chair for Google alongside the Twitter and Facebook executives who appeared before the Senate committee in September.

"With this breach announcement, the empty seat bearing Google's name just became a lot hotter," said Mike Chapple, an associate professor of information technology, analytics and operations at the University of Notre Dame.

Pichai went to Washington to mend political fences with lawmakers in late September and agreed to participate in a White House roundtable on technology that President Trump intends to attend. He also will appear in House hearings after the midterm elections in November.

Google has a strong incentive to position itself as a trustworthy guardian of personal information because, like Facebook, its financial success hinges on its success to learn about the interests, habits and location of its users in order to sell targeted ads.

The desire to peer into people's lives is one of the reasons that Google launched Plus in 2011. It was supposed to be a challenger to Facebook's social network, which now has more than 2 billion users. But Plus flopped and quickly turned into a digital ghost town, prompting Google to start de-emphasizing it several years ago.

But the company kept it open long enough to cause an embarrassing privacy gaffe that could give Congress an excuse to enact tighter controls on data collection.

"Every data mishap strengthens the bipartisan case for Congress to take action on data protection," said Jonathan Mayer, an assistant professor at Princeton University who formerly worked in the Federal Communications Commission's enforcement bureau.

Europe began to impose tougher online privacy regulations in May. Those rules also include disclosure requirements for data breaches. Those rules don't apply to the Plus problem because Google discovered it before they took effect.

(© 2018 WCBS 880. The Associated Press contributed to this report.)