Google on Monday revealed that it had discovered a new software bug that briefly exposed nonpublic information for more than 50 million users of its Google Plus network.
The discovery has prompted the internet giant to expedite the closure of its little-used social media platform, a decision Google announced in October when it revealed an earlier vulnerability affecting a half-million people.
David Thacker, Google’s vice president of product management for its business apps, wrote in a blog post on Monday that the bug was mistakenly created by a software patch that the company implemented last month and shut down within a week.
“No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” Thacker wrote.
The announcement comes on the eve of Google CEO Sundar Pichai’s appearance before the House Judiciary Committee, where he’ll be expected to be grilled on the company’s handling of user data.
The bug gave third-party developers access to users' profile information that was beyond the scope of what they had agreed to share. Google said the flaw did not expose financial data, passwords or other sensitive information that is often used in identity theft.
As a result of the exposure, Google will be moving its planned sunset of the Google Plus platform up from August to April.
Google admitted in October that it had not disclosed the earlier Google Plus security flaw to the public or regulators after it was discovered in March, around the same time that Facebook was being engulfed in controversy surrounding the Cambridge Analytica scandal.
The Wall Street Journal reported that Google held off on revealing the incident, in part, to avoid any new scrutiny from regulators.
Updated at 2:41 p.m.