Google+ bug: Why it matters and how to delete your account

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

In June 2011, the world's biggest internet company launched what it hoped would become the world's biggest social network. "Online sharing is awkward. Even broken. And we aim to fix it," Google's senior vice president for engineering Vic Gundotra said in a blog post introducing Google+, and within a month more than 10 million people had signed up.

Seven years later it would be caught up in an embarrassing leak that exposed people's personal information – embarrassing not only for the vast amount of information lost, but just how little people cared about what was once one of Google's flagship projects.

Google+ aimed to link all of Google's consumer products into one online identity, and the threat it posed to Facebook – which had a virtual monopoly in this space up until then – meant CEO Mark Zuckerberg declared a company-wide "lockdown" while it figured out a strategy to crush its rival.

Google+ was Google's fourth foray into creating a social network, following the failures of Google Buzz, Google Friend Connect and Orkut. But it was the first one that looked like it might actually catch on. And while the bug may have been the death knell for Google+, its demise can be traced back to Facebook's war room, whose strategy had been so effective that by 2018 the platform had less than 7 million users who had even posted more than 50 times.

This lack of users prompted people to take to other social media platforms to mock Google's announcement that it is "sunsetting" Google+ as a result of the data leakage. But the lack of active users shouldn't be used as a measure for a lack of concern – especially considering the insidiousness of Google's reach.

The pervasiveness of Google means most people who use the internet have probably shared personal data with the Silicon Valley giant at some point – unsurprising considering it owns the world's most popular search engine, mobile operating system (Android), email service (Gmail), web browser (Chrome) and video-sharing platform (YouTube).

This means any security lapse on Google's part can have major consequences for its users, even if it might not be immediately obvious.

"Lots of people keep a ton of really valuable data in their Google account – so unauthorised access could be really damaging," says Brain Vecci from the security firm Varonis.

"On top of that, when you get access to someone's primary email – which for many people is Gmail – you've got the keys to their online life. Not only do you have their login, which is almost always their email, you have the ability to reset any password since password reset links are sent via email."

While these details were not exposed in the latest data breach, Vecci says the fact Google took so long to disclose the Google+ hack is a "huge red flag" and should prompt people to take note of the data they share with Google.

It is a sentiment echoed by Tyler Moffitt, a senior threat research analyst at cyber security firm Webroot.

"It's important for consumers to realise that connecting apps in social media platforms only increase the amount of valuable information that could potentially be breached, as well as increases attacks vectors that hackers can leverage," Moffitt says.

A Google spokesperson tells The Independent that the issue had been reviewed by the firm's Privacy and Data Protection Office but found no evidence of misuse.

"The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations," the spokesperson says.

"Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+."

Google announced that it plans to shut down Google+ for all consumer users, however this won't happen for another 10 months.

Security experts are therefore advising account holders to close their accounts to avoid any further potential breaches.

To close an account, people can click on their profile picture that appears in the upper right-hand corner of their screen in their Gmail inbox or in the Chrome web browser. By clicking on 'Google+ Profile', people will then be able to deactivate their accounts by selecting 'Settings', then 'Delete your Google+ profile'.