Ben Smith, the vice-president of engineering at Google, said in a post that a review from the start of the year whose results were only announced on October 8 showed that they "discovered a bug in out of the Google+People APIs (application programming interfaces)" used to communicate with Google services and integrate with other services such as Google Maps.
"We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change," Smith explained.
"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," he added.
Google opted not to disclose its discovery of a bug in Google+ that exposed the data of hundreds of thousands of users, a WSJ review found https://t.co/MdsCbksxod— The Wall Street Journal (@WSJ) October 8, 2018
According to the Wall Street Journal, Google did not disclose the issue partly due to fears by the company of regulatory scrutiny.
The paper quoted a Google spokesperson as saying that the company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met here.”
As a result of the breach, the company is winding down consumer versions of Google+ over a 10-month period through August 2019.
Tech companies have come under fire for a string of data breaches. One of the earliest is Facebook, which has been hit by allegations of the improper use of data for 87 million Facebook users by Cambridge Analytica.
Shares of Google in New York dropped 2.6% to the session low at $1,127.36, but recovered to close on Monday 0.72% off at $1,148.97.