The company, however, can not confirm which users were affected by the bug when it was active from 2015 to 2018. It did not include information from Google+ posts. The company has stated that the closure will occur over the course of the next 10 months, and following the breach Google has also promised to boost user privacy for its other services.
"However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected", Smith said.
Google has admitted that adoption of the its social network and subsequent user engagement has been low, with 90% of Google+ user sessions lasting for less than five seconds.
The Wall Street Journal reporter Douglas MacMillan discusses how Google CEO Sundar Pichai denied the allegations that the company silences conservative voices and how regulations would impact the tech giant.
The company also debuted a number of new privacy controls, including limiting the apps that can access Gmail, call log, and text messaging data.
Google said the issue was resolved in March and that no developer exploited the vulnerability of the data per the company's internal review.
Project Strobe will also lead to Google account holders getting more fine-grained controls over the data they share with apps, which now have overly broad access to user information, Google said. "Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice". "That means we can not confirm which users were impacted by this bug".
The information accessed a user's profile information, including the name, email address, occupation, gender and age, according to the blog post, which added: "The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public". This bug could allow a user's installed apps to utilize the API and access non-public information belonging to that user's friends.
Smith said Google+ would wind down over the next ten months, during which time users will be able to download or migrate their data, and the site would be permanently retired in August 2019.
"The Data Protection commission was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google", it said.