Commenting on the incident, Jessica Ortega, a website security analyst at Web security firm SiteLock, said the Google+ flaw allowed more than 400 apps using the Google+ API to access the personal information of approximately 500,000 users.
Google admitted in the blog post disclosing the bug that usage of Google+ has dropped off in recent years.
"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app", Google said.
Allegedly, the glitch enabled outside developers to gain unauthorized access to the relevant for quite some time - from 2015 until Google's discovery in March of this year. The bug in the API allowed the developers to not just access the private, non-public data of the users who signed up as well as people they are connected to.
Google says it hasn't found any evidence that developers were aware of the bug, so it's unlikely that anyone abused it. The company, however, can not confirm which users were affected by the bug when it was active from 2015 to 2018. The consumer version of Google+ now has low usage and engagement: "90% of Google+ user sessions are less than five seconds". Users' private messages were not affected, according to the company.More news: French police investigating after Interpol president reported missing in China
More news: ‘Kind of appalling’: Republican senators criticize Trump for mocking Christine Blasey Ford
More news: High drama in Senate as Kavanaugh-Ford hearing nears
Google's Privacy and Data Protection Office was where the decision was made to not notify users, and the company decided that since it doesn't know which developers have what data, there's really no action that users could take.
Google said up to 438 external applications, such as online games or quizzes, could have exploited the flaw.
Google+ may not be the biggest social network - far from it, according to Google - but there are some folks out there that use it, so the news of its shutdown is a bit disappointing for them.
The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
Despite the security gaff, Google officials opted not to disclose the problem at the time over fear of intense criticism akin to what Facebook went through after its privacy problems.
All of this has led Google to finally admit Google+ was a failure, with the company announcing that it will close over the next ten months with a pivot to the enterprise market in the cards.