A Google+ security breach gave outside developers access to the private data of hundreds of thousands of the social network’s users between 2015 and March 2018, according to a Wall Street Journal report. Google neglected to report the breach to the public, allegedly out of fear that the company would face regulations and damage to its reputation, according to sources and documents obtained by the Wall Street Journal.
In a memo cited by the Wall Street Journal, Google’s legal and policy staff warned against disclosing the breach, fearing it would draw comparisons to Facebook’s mishandling of user data, when more than 50 million Facebook users had their personal information leaked to the data firm Cambridge Analytica.
The information exposed in the Google+ data breach included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status.
Google has recently been at the center of a number of privacy breaches. The company was the target of a massive class action lawsuit in the U.K. after 4 million users had their personal data collected and allegedly used for targeted advertising. The lawsuit was blocked in the High Court on Monday.
The Google+ data breach was discovered in March of this year during an audit of the company’s APIs, conducted by a privacy task force codenamed Project Strobe. A bug in the API could have allowed outside developers to access the data of 496,951 users who had only opted to share their private profile data with friends.