The announcement in this regard was made by Ben Smith, Google Fellow and vice-president of engineering, in a blog post Monday, in which he noted that the Indian-American headed company could not confirm which users were impacted by the bug.
Google said that none of the requirements that will require to disclose a data breach were met by the Google+ bug, which is why it chose to keep it a secret until now.
Up to 438 applications may have had access to the vulnerability, but Google said it had found no evidence that outside developers were aware of the security flaw and no indication that any user profiles were misused.
According to Smith, as many as 500,000 accounts could have been affected, and the data exposed could potentially include things such as name, occupation, or age - but not phone numbers or any other information stored on your Google account. The company noted that information like Google+ posts, messages and G Suite content weren't included in the exposure.
Google+ was heavily promoted after its 2011 launch, in the hope of overtaking Facebook in the early days of social media. Today, after over 7 years of existence, Google is shutting down Google+ for good-although its low user base surprisingly wasn't the main factor behind this decision. A software glitch on Google+ gave outside developers potential access to private data between 2015 and March 2018, when it was finally fixed.
But it's not doing so exclusively out of concern for users' privacy: Smith admitted the network is not a success, saying "The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds". They identified that nearly 38 applications might have used this API.
"The consumer version of Google+ now has low usage and engagement: 90% of Google+ user sessions are less than five seconds", blog post reads.
However, Google will continue to use Google+ for Enterprise purposes as an internal social network for companies rather than for consumers, saying that it is the most popular use of the social network. In light of the breach, google has announced that it'll be shutting down google+ over the next few months, while also limiting API access in other Google product apps like Gmail.