Three United States senators have demanded that Google provide answers about its recent disclosure of a security breach in its Google+ social network that led to its closure. Google only came forward after the Wall Street Journal broke the story on October 8.
So far, one federal proposed class-action lawsuit has been filed in the wake of the episode.
Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it.
Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered?
Are there similar incidents which have not been publicly disclosed?
Please provide a copy of Google's internal memo cited in the WSJ article.