I am surprised we haven’t seen this kind of thing previously. No doubt it has happened before given the value to attackers of this kind of information. The issue was found by a bug hunter as part of Google’s bounty program. Good for them to include the infrastructure for their program as well as Google products and services.
Google’s Issue Tracker contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database.
Jed Reynolds liked this Aside on plus.google.com.