Following October's announcement of the closure of Google+, Google's flagship social network, the company has discovered an additional bug within the network's application program interface that potentially impacts up to 52.5 million users.
According to an official Google blog post by David Thacker, Vice President of Product Management for G Suite, this bug allowed third party apps and services that requested information about Google+ users, such as name, occupation, age, and email address, to have access to this information from Google+ directly even if the requested info was set to non-public access. This vulnerability was open for a six-day period.
On the bright side, Thacker states that the API bug "did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft." In addition to this, he states that Google has found no evidence of third party developers noticing or exploiting this API vulnerability or of any third party having compromised Google's systems.
Originally, Google Plus was set to shut down to consumers in August of 2019. Following the discovery of this data vulnerability, however, the closure has been rushed up to April of 2019 instead.