The bug, which was introduced to Google+ in November, allowed developers to access personal profile information including name, birthday, gender, nickname and more even if those users had limited access to that information.
“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced,” wrote Google vice president David Thacker in a blog post, Extremetech reported. “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
The disclosure comes two months after Google revealed another security vulnerability affecting the social network. Back in October, the company disclosed that it had discovered and patched a bug that allowed application developers to access personal data earlier this year.
At the time, Google said that Google+ had seen “low usage and engagement,” with over 90 percent of all usage sessions lasting 5 seconds or less. This led to the decision to shutter the network, with Google first saying that it would turn off access in August of next year.
Google’s disclosures are a bit different from the issues that Facebook was facing earlier this year. Companies regularly find security flaws in their products, and there are currently no reports that anyone actually used the bugs in Google+ to steal any personal data.
Facebook on the other hand had purposefully designed its product in a way that allowed app developers to access a vast amount of data. The Trump campaign-linked data consultancy Cambridge Analytica made use of those design decisions to siphon data off the platform, which was possibly used to aid political campaigns.
Still, the latest disclosure will likely put a bigger spotlight on Google’s privacy practices. It is also poised to come up when Google CEO Sundar Pichai testifies before Congress on Tuesday.