Google’s failed social network Google+ is set to close earlier than planned after the company uncovered a second privacy flaw in the software that could potentially expose the personal data of millions of users.
The site, which was launched back in 2011 with the goal of competing with Facebook, was already earmarked for closure in August of next year after Google discovered vulnerabilities within the service, but this will now be brought forward to April 2019.
In a blog post detailing the newest finding, vice-president of product management at G Suite David Thacker explained that the bug was uncovered within one of the site’s APIs as part of “standard and ongoing testing procedures”.
It could have allowed third-party apps to view users’ profile information such as their name, email address, occupation and age, even if an individual had marked such details as private.
Mr Thacker said up to 52.5 million users were affected by this, but added there was no evidence that any external developers were aware of the flaw or misused any data.
However, given that this is the second significant privacy vulnerability found within the social network within a few months, Google may have deemed it sensible to bring forward the sunsetting of the network, which was never able to gain much traction among users.
As such, all Google+ APIs will be shuttered within 90 days, with remaining consumer services set to follow in the coming months. A small section of the service aimed at enterprise customers will continue to operate.
Mr Thacker said: “We want to give users ample opportunity to transition off consumer Google+, and over the coming months, we will continue to provide users with additional information, including ways they can safely and securely download and migrate their data.”
The latest vulnerability had the potential to be much bigger than the previous flaw, which was announced in October and was thought to have affected 500,000 users. However, on that occasion, Google was criticised for the slowness of its disclosure, as it was revealed the company had been aware of the issue for more than six months before going public.