Google+ was never hacked, but there was a dodgy API endpoint that let you view profile data set to private.

So it wasn’t hacked, it just had an exploitable end point, that was exploited?

It had an exploitable end point that wasn’t exploited and google shut down G+ rather then let it become exploited.

My theory is that it was less embarrassing than saying they failed so spectacularly. A shame really.

I suspect that fixing the bug would have cost more then G+ was making them. Which is a pity because the world needed a nonfacebook social media platform.