Its decision not to disclose the bug will likely invite the extra scrutiny it had hoped to avoid.
Google is now shuttering Google+ as a delayed response.
'Given these challenges and the very low usage of the consumer version of Google+, we chose to sunset the consumer version of Google+'.
Even if you, like many, haven't used your Google+ account, it could still be at risk. A bug in the API could have allowed outside developers to access the data of 496,951 users who had only opted to share their private profile data with friends.
Ortega said such delays in reporting data leaks could become more common among technology companies as they looked to protect their reputation in the wake of legislation and privacy laws. The bug is said to have affected as many as 500,000 accounts, though the company says it found "no evidence" that any data was actually misused.
Though Google found the vulnerability seven months ago, it did not tell the public at the time. "We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused". The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google's biggest failures.
It also announced other security features. Think of it like Android's permission control, just for your Google account. Apps also won't be allowed to sell the data for marketing or ad targeting, and any human review of email data will be "strictly limited".
On Android, Google will limit apps ability to receive users call logs and short messaging service (SMS) data. Now, only apps that fit a particular use case will be able to access these permissions. Despite this, they still plan to shut down Google+, providing people the next ten months to migrate their personal information.
Such apps include email clients, backup and productivity services, Smith said.
Google Chief Executive Sundar Pichai has agreed to testify before Congress in the coming weeks, according to the Journal. "Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice", he says. In fact, usage is pretty minimal on the site, with "90 percent of Google + user sessions" being "less than five seconds".
Interested in Google? Add Google as an interest to stay up to date on the latest Google news, video, and analysis from ABC News.