By Carlo Versano
Google cut its losses Monday after the publication of a story about a previously unreported data breach at its struggling Google+ social network.
The Alphabet-owned company ($GOOGL) said in a blog post that it would shutter Google+ to consumers as part of a larger restructuring of its privacy controls. It noted that "90 percent of Google+ user sessions are less than five seconds."
The post seemed timed to respond to a report in the Wall Street Journal that the company had discovered a vulnerability back in March that left the private data of hundreds of thousands of Google+ users potentially exposed for as long as three years until it was found and patched.
Further, the Journal reported that Google executives, including CEO Sundar Pichai, made a strategic decision to keep the vulnerability secret due to the potential for "immediate regulatory interest." The bug was discovered just as the Facebook ($FB) scandal involving Cambridge Analytica was reinvigorating a public debate over how the big tech companies were handling the massive troves of data they were collecting.
Google said the vulnerability was a result of a coding bug in conjunction with an API that gave access to outside developers and exposed the names, email addresses, occupations, genders, and ages of roughly 500,000 users. It said it found no evidence that the exposed data was misused by third-party developers.
The decision to keep the issue private and then kill the social network altogether reflects the heightened stakes for the handful of tech companies that control the vast majority of the web. The "growth at all costs" mantra is being replaced with a more cautious approach that seeks to weigh the trust of an increasingly skeptical public and new interest from regulators.
But by not immediately alerting the public last spring, Google has likely made the matter worse for itself as it now must react to a scandal just as it gets ready to unveil a slate of new devices.