According to a Monday Wall Street Journal report, Google chose not to disclose the breach to users due to fear of sustaining damage to the company's reputation and incurring more government regulation. The bug is said to have affected as many as 500,000 accounts, though the company says it found "no evidence" that any data was actually misused.
The internal memo obtained by the Journal says that while Google has no evidence that outside developers misused, it has no way to know for sure.
The firm has also promised to institute new security rules, including limits around the types of use cases that are permitted to access consumer Gmail data.
"It has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps", wrote Ben Smith, Google's vice president of engineering, in a blog post on Monday.
Making a Murderer Part 2 Trailer: The Truth Gets a Second Look
With the release date now less than two weeks away, Netflix earlier today released the trailer for the show's second season. The sequel, " Making a Murderer 2", will follow their appeals.
Even with the data patched, Google has advised they will be shutting down Google+ for consumers.
These actions are only the beginning, with Google advising they will roll out additional controls and update their policies across more APIs in the coming months. "Earlier this year, right at the time they discovered this, the Facebook Cambridge Analytica data breach had just happened, there's a lot of regulator scrutiny of Facebook and tech companies and how they're handling data, and internally, they were anxious about being pulled into this conversation in a bigger way".
Google says that going forward, rather than bundling permissions together for a single approval, each and every permission requested by an app will be shown one at a time, within its own dialog box. Well, this is a major security flaw that brought users personal data to risk.
"The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than 5 seconds". Users who granted third-party applications access to their public data also had some private data shared. It's also limiting said apps' ability to access private data outside of specific use cases. (An earlier WSJ piece described how some Gmail apps were allowing employees to read users' emails and sell the data to marketers.) The changes apply to new Gmail apps immediately, and to existing ones early next year.
Given the potential for abuse, and the fact that nearly no one is using Google+, Alphabet opted to take the path of least resistance and yank the doddering network off life support.