Google
Google+ for consumers will shutdown in April 2019, four months earlier than originally planned. David Ramos/Getty Images

Google has announced that it will be shutting down Google+ four months earlier than originally planned. The announcement was made after the search giant discovered a new vulnerability that might have affected 52.5 million users.

In October, Google announced that it found a data bug in Google+ last spring that prompted the company to permanently shut down all consumer functionality of the social media service by August 2019. With the discovery of a new vulnerability, Google has decided to shut down Google+ four months earlier than originally planned, on April 2019.

“With the discovery of this new bug, we have decided to expedite the shutdown of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019,” Google said on its blog.

The Google+ vulnerability could have exposed users’ profile information, including their names, email addresses, occupations and age to developers, according to The Verge. Google also said that user data could still have been exposed even if users set their accounts to private. Certain apps could have also been able to access profile data shared with a specific user.

Google discovered this new bug as part of its standard testing procedure when a software update was introduced to Google+ in November. The company was able to fix it within a week and its systems weren’t compromised by a third party, according to 9To5Google. The company also said that there appears to be no evidence that app developers accessed the vulnerability between Nov. 7 and Nov. 13.

The search engine giant said that it has begun notifying its consumer users and enterprise customers that were affected by this Google+ bug. The company also said that it is continuing its investigation in order to find out if it has affected other Google+ APIs. Google said that it's currently in the process of notifying enterprise customers that were impacted by this bug and that a list of users in affected domains is already being sent to system administrators. The company will reach out again if it finds more users affected by the bug, or if it finds other issues as well.

The newly discovered bug sounds quite similar to the one that was disclosed in October. The main difference here, however, is that Google decided to act quickly this time around. The first bug was first discovered and patched in March, and it might have exposed the private user data of 500,000 accounts to developers for as long as three years. Despite being discovered in March, Google only disclosed its existence seven months later.