A bit of a shocker on a slow-news Monday and the eve of a major product announcement from Google has placed the search and advertising giant on the defensive. Google apparently exposed the information of hundreds of thousands of users of its Google + social network.

Google says that name, email address, occupation, gender, and age data of users were exposed even if these were set by users to be private, not public. The flaw, which Google says was not exploited by hackers, was open from 2015 to 2018. Granted, Google + is considered as a failed challenger to Facebook and Twitter, it lost steam rather quickly even as the majority of users continued to have accounts.

Exploits like these happen commonly, but companies are usually quick to disclose and reach out to customers so that they can take precautions, change their passwords or log off the serivces. It took a Wall Street Journal report for Google to respond. It appears the company was worried that disclosing the exploit would impact its reputation. Hiding the truth will likely hurt the company's reputation even more.

Google has closed the bug in March 2018, but hasn't disclosed its existence until now. Already under scrutiny for the way it handels personal information and privacy, Google is now on the defensive. The data of 500,000 users was exposed. Google's response as to why it took so long to notify users is as follows.

Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.

Google is moving to shut down the consumer facing version of Google +, while maintaining the corporate component which will take 10 months to complete.