A bug in the Google+ API had been allowing third-party app developers to access the data not just of users who had granted permission, but also of their friends. Google discovered the software glitch, which compromised the accounts of about 500,000 people. Since 2015, the bug had allowed third-party developers to access private profile data.
Google also announced that it will shut down consumer access to Google+ and improve privacy protections for third-party applications.
The bug exposed private information to 438 different third-party applications, but Google apparently has no way of knowing whether any of them actually accessed it, because it maintains logs of API use for only two weeks.
“We found no evidence that any developer was aware of this bug or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blog post.
Smith defended the decision not to disclose the leak, writing: “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”