Perhaps this was obvious to HN readers, but as the story reaches mainstream media, it bears repeating: the Google+ vulnerability was discovered in an internal audit, with new tools, and does not seem to have been exploited.<p>There have been serious data breaches over the past 18 months, and this is not one of them.<p>The big story here is Google's strange handling of the situation, and a dilemma of the lack of logging information. The claim that Google has only logs for two weeks of Google+ service: does that limit the scope of a vulnerability, or does it mean we will ever know?