
The breach that killed Google+ wasn’t a breach at all - stablemap
https://www.theverge.com/2018/10/9/17957312/google-plus-vulnerability-privacy-breach-law
======
watersb
Perhaps this was obvious to HN readers, but as the story reaches mainstream
media, it bears repeating: the Google+ vulnerability was discovered in an
internal audit, with new tools, and does not seem to have been exploited.

There have been serious data breaches over the past 18 months, and this is not
one of them.

The big story here is Google's strange handling of the situation, and a
dilemma of the lack of logging information. The claim that Google has only
logs for two weeks of Google+ service: does that limit the scope of a
vulnerability, or does it mean we will ever know?

