That breach left the personal information of about 500,000 users exposed, and was caused by a bug on a People API on Google+.
The Wall Street Journal, reported that they have reviewed a memo prepared by Google's legal and policy staff, which indicated that disclosing the data breach could lead to scrutiny by government regulatory agencies.
The tech giant announced the news on the company blog, disclosing the compromised user-privacy issue for the first time, despite knowing about it for seven months.
"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app", Google said.
The bug, which went undiscovered from 2015 until March of this year, according toThe WSJ, allowed developers to access personal data from the connections of people who had installed their app, even if those people didn't give permission for their information to be accessed. Google has also advised they will remove access to the contact interaction data from the Android Contacts API which allowed apps to show you your most recent contacts, within the next few months. Google says that there was no evidence that the information was misused, but that a total of 438 apps had access. The company, however, can not confirm which users were affected by the bug when it was active from 2015 to 2018. It's also limiting said apps' ability to access private data outside of specific use cases.
The news comes just two weeks after Facebook revealed almost 50m users had been affected by a similar privacy lapse. "Given these challenges and the very low usage of the consumer version of Google+, we chose to sunset the consumer version of Google+".
Google is shutting down the consumer version of Google+ because the social media network isn't worth maintaining, the company said Monday. Whether the termination announcement today is truly the result of the security issue or the press around it, or reflects a business decision that was merely accelerated by the disclosure, is the subject of much speculation.
Google+ will be closing down in August next year, however the company said it was looking at continuing an enterprise version of the product with greater user controls.
Google also said it would begin restricting the data it provides to outside developers. By doing this, it hopes to make users of Google's apps confident that their data is secure.