The Wall Street Journal reported earlier that Google had opted not to disclose the issue with its Application Program Interfaces (API) partly due to fears of regulatory scrutiny, citing unnamed sources and internal documents.
Google exposed the personal data of about 500,000 Google+ users to potential misuse by outside developers for years through a bug, then concealed the error to avoid consequences, according to an investigation published by The Wall Street Journal Monday.
Alphabet shares fell 2.3 percent to $1,140 at 1:14 p.m.in NY, after earlier dropping to $1,136.50, the lowest intraday price since July 5. This leaked data included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.
Google's Privacy and Data Protection Office was where the decision was made to not notify users, and the company decided that since it doesn't know which developers have what data, there's really no action that users could take. Google has announced that it will be rolling out new features to make it a "secure corporate social network".
An email shared among senior Google executives and lawyers said that revealing the issue would lead to "immediate regulatory interest" and mean its chief executive Sundar Pichai being forced to give evidence in Washington. Google claims that they didn't tell its users because they believed that without sufficient information on who was hacked, they found it wouldn't be useful to identify the public on the matter. The company said that "none of those thresholds were met".
The company is also stressing its commitment to security - now offering "more fine-grained control" of what account data Google users share with third-party apps.
All these changes are happening in the coming months, giving users more control over their own data.
Cambridge Analytica, a data firm with ties to President Donald Trump's campaign, accessed information from as many as 87 million Facebook users without their knowledge. That means we can not confirm which users were impacted by this bug.
The API allowed users to grant access to their and their friends' profile information to apps. The US internet giant said that 90% of Google+ user sessions lasted only five seconds long or less.
The WSJ report and Google blog both agree that Google discovered the bug in spring of 2018, although the motivation for what happened afterwards differs.
Google is also limiting apps' ability to gain access to users' call log and SMS data on Android devices.
The company said the bug was located in the Google+ People API.