Speaking about the exposed data, Google said on Monday: "We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused".
The bug, which went undiscovered from 2015 until March of this year, according to The WSJ, allowed developers to access personal data from the connections of people who had installed their app, even if those people didn't give permission for their information to be accessed.
Google who has now gone public with the data exposure wrote in a blog post that they found no evidence of data misuse. Google+ posts, messages, Google account data, phone numbers, or G Suite content were not accessible.
In a statement to BleepingComputer, a Google Spokesperson said that their Privacy & Data Protection Office felt it was not necessary to disclose as it did not meet the threshold that would warrant it. Today, after over 7 years of existence, Google is shutting down Google+ for good-although its low user base surprisingly wasn't the main factor behind this decision. The company did not check up with any of the developers of the aforementioned 438 apps.
Despite the social network closing down, you can still take action.
The Wall Street Journal says it reviewed an internal memo circulated among Google's legal staff and senior executives that warned of "immediate regulatory interest" and public comparisons to Facebook's user information leak to Cambridge Analytica should the mistake become public.
App access to user Gmail data will be limited to fewer use cases, Smith said. Before patching it, Google ran an analysis and found that up to 500,000 Google+ accounts were affected.
Google says that 90 per cent of Google+ user sessions lasted for less than five seconds.
Nevertheless, as a result of the security audit, the search giant has vowed to allow users to tightly control what data is made available to third-party applications that sync with Google accounts.
The firm has also promised to institute new security rules, including limits around the types of use cases that are permitted to access consumer Gmail data. Instead of reporting this to subscribers of the service, Google chose to just let it slide so that it wouldn't be subject to investigation by regulatory agencies. If an app wants access to a Calendar and Drive documents, for example, you can opt to share one but not the other.
Google did not immediately respond to a Reuters request for comment.