Who remembers the sudden and dramatic death of Google+?
Google’s Facebook competitor and “social backbone” was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of “hundreds of thousands of users” for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the “private” data of 500,000 accounts actually wasn’t private. Since nobody worked on Google+ anymore, Google’s “fix” for the bug was to close Google+ entirely. Then the lawsuits started.
Today’s class-action lawsuit, Matt Matic and Zak Harris v. Google, was filed in October 2018 and blames Google’s “lax approach to data security” for the bugs. The complaint added, “Worse, after discovery of this vulnerability in the Google+ platform, Defendants kept silent for at least seven months, making a calculated decision not to inform users that their Personal Information was compromised, further compromising the privacy of consumers‘ information and exposing them to risk of identity theft or worse.” The case website with full details is at googleplusdatalitigation.com.
The case was settled in June 2020, with Google agreeing to pay out $7.5 million. After losing about half of that money to legal and administrative fees, and with 1,720,029 people filling out the right forms by the October 2020 deadline, the payout for each person is a whopping $2.15.
This first Google+ data leak was active from 2015 to 2018 and allowed developers full access to the data from Google+’s “People” API, even for private profiles. This meant any developer could grab any Google+ profile info you’ve filled out, including your name, birthday, gender, email, relationship status, occupation, and a list of the places you’ve lived. Two months later, Google announced a second Google+ privacy bug that again exposed this People API data, but this time for a whopping 52.5 million users. The case was later expanded to cover all these people.
Google+ was killed in April 2019 and can’t hurt anyone anymore.