Google has announced a bug in its Google+ social network that left personal information relating to up to 500,000 users exposed.
In a blog post, the company said it discovered the leak and patched it in March – however it opted not to inform users until now.
It said the bug was present for more than two years – and it is unable to say with certainty what users were impacted.
The tech giant said it was shutting down the consumer version of Google+ in response to the discovery.
It said the affected personal data is limited to optional Google+ profile fields – including name, email address, occupation, gender, age and date of birth.
It said it does not include Google+ posts, messages, account data or phone numbers.
The company's engineers found no evidence that the data was misused or that any developer had exploited the leak.
It said it has decided to “sunset” the Google+ platform in response to the discovery - noting that it has failed to achieve “broad consumer or developer adoption" with 90% of user sessions counted at less than five seconds.
The company will now focus on expanding Google+ Enterprise offering – with a range of new features purpose-built for businesses.
Shares in Google's parent company Alphabet Inc dropped 1.5% in response to the announcement.