Google+ Shuts Down After Concealing Data Breach Affecting 52 Million Users
What happened
Google shut down Google+ for consumers on 2 April 2019. The closure was triggered by two security incidents: a March 2018 bug exposing private data of up to 500,000 users — which Google did not disclose publicly — and a November 2018 vulnerability affecting 52.5 million users. The Wall Street Journal revealed the first breach in October 2018, after which Google announced the shutdown. By that point, 90% of Google+ user sessions lasted under five seconds, and the platform had no meaningful user base to defend.[1]
What went wrong
Google built a social network that replicated Facebook's features without offering a distinct reason to use it. Users had no compelling motivation to migrate from existing networks. The decision to conceal the March 2018 data breach — made partly to avoid regulatory attention — backfired completely when the WSJ reported it anyway, producing both the original regulatory risk and additional reputational damage for the cover-up.[1]
Lesson learned
Concealing a data breach to avoid regulatory scrutiny is a strategy that consistently produces worse outcomes than disclosure. When the WSJ reported Google's concealed breach, Google faced the original penalty risk plus reputational harm for the cover-up — a guaranteed double penalty. Disclosure, while painful, is almost always the less costly option.
Sources
- [1] The Verge Google+ is officially shutting down today