>We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug.
They only kept two weeks of logs, yet this bug was accessible over a three year window. So out of 156 weeks they can only rule out 2 weeks where data was not accessed. I think that's pretty pathetic for a company that stores your precise location, search history, photos, email, text messages, calendar, social network, date of birth, etc.
This is a very big story. Hence why Google executives sat on it for six months.
This article makes this sound like this is something that it appears to not be.
Did this all start when Google fired Damore? Or does it date further back?