I don't know how you could prove whether anyone exploited this or not, unless you found a breach list posted on the open internet... even if you had the access logs:
> This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data
This is such a bogus statement out front. The first time I read it, I didn't even see "the full list" mentioned. The full list is much longer than this seemingly innocuous list of properties of a person. It includes such gems as:
> A list of places where this person has lived.
> A list of email addresses that this person has,
> The hosted domain name for the user's Google Apps account.
It's a little worse than they painted it to be, maybe not much, but at least they're being transparent, I guess...
That's sort of the point. You can only prove positively that a breach has been exploited because there can be proof of that. But there can never be 100% ironclad proof that it wasn't exploited.
> This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data
This is such a bogus statement out front. The first time I read it, I didn't even see "the full list" mentioned. The full list is much longer than this seemingly innocuous list of properties of a person. It includes such gems as:
> A list of places where this person has lived.
> A list of email addresses that this person has,
> The hosted domain name for the user's Google Apps account.
It's a little worse than they painted it to be, maybe not much, but at least they're being transparent, I guess...