The social network Google+ is to shut for consumers after the company admitted a massive data breach that affected nearly 500,000 users.
The security bug gave 438 third-party apps access to sensitive data, including full names, email addresses and date of birth. Profile photos, areas users had lived and relationship statuses may also have been exposed.
The Wall Street Journal reports that an internal privacy task force called "project strobe" has been conducting a security audit of the company's APIs. These are the interfaces through which third-party apps access Google's data.
Google says that it has no reason to believe that user data was abused by the apps.
For a user to be affected it appears that they would have needed to use a third-party app and grant it permission to access their data.
The breach was discovered earlier this year but Google has, according to TechCrunch , the firm didn't disclose it immediately for fear of attracting attention from regulators.
In an internal memo the company said it wanted to avoid “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”.
Google will apparently announce a comprehensive clean up of its services. As well as Google+ closing, Gmail will see massive restrictions on the number of third-party app developers that are allowed to create extra services.
In the EU new laws means that data breaches of this kind can result in a fine of 4 per cent of a company's annual global turnover.
Google has a turnover of $109 billion in 2017 which would open it up for a fine in excess of $4 billion.
However the breach happened in 2015, so it may be out of the scope of GDPR regulation. It could of course still be investigated by regulators in the EU, UK and US.
A Google spokesman said: "Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.
"Our privacy and data protection office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met here.
"The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+."