Google+ has been virtually dead since 2014. However, it was later revealed that Google had disclosed the personal data of hundreds of thousands of Google+ users to third parties over the years. The Google+ data leak was happening from 2015 to 2018 and allowed developers to gain access to data from the Google+ People API, including private profiles.
The class action lawsuit against Google was filed in October 2018 after it became known that the tech giant did not disclose a three-year vulnerability which exposed about 50 million users of the platform. The tech company was accused of inability to properly protect personal user data.
The lawsuit was filed after Google failed to disclose a vulnerability in the Google+ application programming interface (API) for third-party application developers. Using this vulnerability, attackers could gain access to such personal data of users as name, gender, age, and email address. However, Google said that the leak did not affect messages or phone numbers from the contact list.
Google was aware of the issue, but decided not to disclose it to avoid regulatory scrutiny. In 2018, Google had to admit that it had violated the privacy of over 500,000 users. The company later reported a second data leak that affected 52.5 million users. After that, Google shut Google+ down, and the social network is no longer a security threat.
The class action case was settled in June 2020, when Google agreed to pay out $7.5 million, which would be distributed among all applicants who used the platform. Each applicant was initially supposed to receive $12 per application. However, given that more than 1.72 million people have filed the lawsuit, and including various court fees and costs, Google will pay $2.15 to every Google+ user who suffered from a personal data leak in 2018.
The payments began on August 2 via PayPal or ACH and will last until August 14.