Google exposed the private data of hundreds of thousands of people and declined to inform the public, the Wall Street Journal reported Monday.
Between 2015 and March of this year, a bug affecting the company’s Google+ social media service gave external developers access to information such as “full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.”
An internal memo concerning the issue, the Journal states, argued that disclosing the glitch would likely result in “immediate regulatory interest” and damage the company’s image.
The decision not to reveal the vulnerability was also reportedly shared with Google CEO Sundar Pichai.
The memo also warned that informing the public would draw comparisons to Facebook’s Cambridge Analytica scandal, all but ensuring “Sundar will testify before Congress.”
In a statement to the Journal, Google said it opted not to disclose the exposure due to, among other things, a lack of evidence that data was misused.
The problem was allegedly discovered by Project Strobe, Google’s privacy task force, during a company-wide security audit.
The audit also found an API issue that allowed third party developers “to retrieve the data of some users who never intended to share it publicly.”
“It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer…” the Journal writes, citing a source familiar with the findings.
Google announced Monday around the same time of the Journal’s report that it would be shutting down its Google+ social network.
News of the issue comes amid numerous scandals for Google as well as growing public concern over tech companies’ data sharing practices.
Google’s Project Dragonfly, a censored search engine for China, has also received pushback from employees, human rights groups and even U.S. Vice President Mike Pence.