> Within November 2018, another data breach was found within a Google+ API software update. The bug was fixed within a week and there was no evidence that any third party developer compromised the system.
Please explain how this is anywhere near the level of FB & CA?
> However, approximately 52.5 million non-public profile fields were exposed to alternative apps that requested access to individuals Google+ ID, and created access to other profiles that had shared information with each other.
It's not on the same level as CA but should remind you that even a corporation like Google can have such data breaches, regardless of whether they were gaps or poor design. The investigations were initiated only after the CA scandal. Would the gap have been discovered in time without CA? Who knows. Even if it is assumed that this gap was not exploited, 52 million affected users is not a small number.
I don't think it's comparable at all - the CA scandal wasn't something CA got access to via a bug. What CA had been doing, plenty of other companies had already been doing on Facebook's platform to maximize ad spend. CA was just first to apply it to agitprop. So yes, while Google did go back and make sure their APIs were cleaned up they never unofficially offered the functionality in the first place.
https://en.wikipedia.org/wiki/2018_Google_data_breach