Who remembers the sudden and dramatic death of Google+?
Google’s Facebook competitor and “social backbone” was effectively dead within the company around 2014, but Google let the failed service hang around in maintenance mode for years as the company spun off standalone products. In 2018, The Wall Street Journal reported that for years Google+ had exposed the private data of “hundreds of thousands of users”, that Google knew about the issue, and that the company chose not to disclose the data breach for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data breach and admitted that the “private” data of 500,000 accounts was not actually private. Since no one was working on Google+ anymore, Google’s “fix” for the bug was to close Google+ completely. Then the lawsuits started.
Today’s class action lawsuit, Matt Matic and Zak Harris v Google, was filed in October 2018 and blames Google’s “lax approach to data security” for the bugs. The suit added: “Worse still, after discovering this vulnerability in the Google+ platform, the defendants remained silent for at least seven months, making a calculated decision not to inform users that their personal information had been compromised, further compromising the privacy of consumers’ information, exposing them to the risk of identity theft or worse.” The case website with all the details can be found at googleplusdatalitigation.com.
The case was settled in June 2020, with Google agreeing to pay out $7.5 million. After losing about half of that money to legal and administrative fees, and with 1,720,029 people filling out the correct forms by the October 2020 deadline, the payout for each person is a whopping $2.15.
This first Google+ data breach was active from 2015 to 2018 and gave developers full access to Google+’s “People” API data, even for private profiles. This meant that any developer could grab whatever Google+ profile information you entered, including your name, date of birth, gender, email address, relationship status, occupation, and a list of the places you’ve lived. Two months later, Google announced a second Google+ privacy bug that again exposed this People API data, but this time for a whopping 52.5 million users. The case was later expanded to cover all of these people.
Google+ was killed in April 2019 and can no longer harm anyone.