According to The Journal, Google discovered the data breach in March this year and, although the bug has since been patched, the company decided not to disclose the news for fear of "immediate regulatory interest" and potential reputational damage.
The announcement came on Monday, with Google saying in a blog post that they discovered a bug which could have allowed as many as 438 external apps to collect user names, email addresses, professions, gender and age without authorization. It said it had no evidence that any third-party developer was aware of the bug or had misused profile data.
Google is shutting down its Google+ social network after it covered up a gaping security hole that exposed the personal data of half a million internet users.
"Smith said that despite Google's engineering teams putting in a lot of effort, "[Google+] has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.
In addition to the sunsetting of Google+, Project Strobe brings in new, more granular controls over the data Android and Gmail users share with apps.
Google will wind down Google+ during the coming 10 months to allow people time to download pictures, videos or other data they want from their accounts.
The Google+ vulnerability was discovered at a time that nearly coincided with the notorious privacy leakage scandal of the world's largest social media network Facebook, which has been widely criticized for its failure to protect its users' private data. The software flaw affected how the social network, created to rival Facebook but never seriously challenging it, interacted with third-party applications.
Google is closing its social network, Google Plus, following the discovery of a security breach this past spring, in which up to 500,000 customers (between 2015 and 2018) had their information exposed.
The news comes just two weeks after Facebook revealed almost 50m users had been affected by a similar privacy lapse. That said, Google had confirmed that the data hasn't been misused. As for why it's being shut down, Google says that Google+ has "low usage and engagement", with 90 percent of G+ user sessions lasting less than five seconds.
Google did not immediately respond to a request for comment on the report.
Those who are very panicked may find solace in the fact that Google did state that the firm only keeps API log data for two weeks.