Earlier this week Google announced that it would be shutting down Google+ for consumers in 2019. While making that announcement the firm also disclosed a security bug that affected some 500 000 Google+ users.
Following that disclosure Google and its parent company Alphabet are now facing a lawsuit.
Two plaintiffs – Matt Matic and Zak Harris – have filed a class action complaint against Google and Alphabet in a Californian court this week.
The two plaintiffs allege that Google’s lax approach to security led to “a data leak affecting more than 500 000 Google+ users over a period of at least 3 years”.
While Google said during its disclosure that only 500 000 users were affected it also admitted that historical data for Google+ was only kept for a period of two weeks at a time.
“Although Defendants have reported that only up to 500,000 users were affected, the reality is that this number is what was determined only for the two week period prior to the discovery of the security vulnerability in March 2018. Thus, given that the data leak occurred for nearly 3 years, the number of compromised users is expected to be much higher,” reads the court filing.
Together Matic and Harris are alleging unlawful business practice, negligence and invasion of privacy among other offenses and have demanded a trial by jury.
Google has yet to comment on the lawsuit but it’s worth remembering that the firm said it had no evidence that user data was compromised by the bug it disclosed.
That having been said it’s hard not to question why it took Google almost eight months to disclose a bug it discovered and fixed in March.[Via – Ars Technica]