Google has announced a bug in its Google+ social network that left personal information relating to up to 500,000 users exposed.

In a blog post, the company said it discovered the leak and patched it in March – however it opted not to inform users until now.

It said the bug was present for more than two years – and it is unable to say with certainty what users were impacted.

The tech giant said it was shutting down the consumer version of Google+ in response to the discovery.

Personal data

It said the affected personal data is limited to optional Google+ profile fields – including name, email address, occupation, gender, age and date of birth.

It said it does not include Google+ posts, messages, account data or phone numbers.

It said it had no evidence that the data was misused or that any developer had exploited the leak.

Notice to users

Explaining its reasoning for not informing users about the leak, the company said: “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”

“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response.

“None of these thresholds were met in this instance.”

Google+

It said it has decided to “sunset” the Google+ platform noting that 90% of user sessions are less than five seconds – and it has failed to achieve “broad consumer or developer adoption, and has seen limited user interaction with apps.”

“To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August,” it said.

“Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.”

Enterprise

It said the platform is better suited for business use “where co-workers can engage in internal discussions on a secure corporate social network.”

As a result the company will now focus on expanding its ‘Enterprise’ offering – with a range of new features purpose-built for businesses.

Gmail

The company is also taking steps to limit the apps that can ask for permission to access consumer data through Gmail.

It said, moving forward, only apps that directly enhance the functionality of email will authorized to access the data.

 Meanwhile, it is limiting the ability of third-party apps to receive Call Log and SMS permissions on Android devices.

Shares in Google's parent company Alphabet Inc dropped 1.5% in response to the announcement.