I don't expect them to say what it is, definitively, for a month or so.
I do expect them to give some basic initial notification to developers that a security breach has happened, it was limited to x, y, z (which they should be able to determine within a day), and what initial steps are, and have some independent way for developers to contact them.
I do expect them to give some basic initial notification to developers that a security breach has happened, it was limited to x, y, z (which they should be able to determine within a day), and what initial steps are, and have some independent way for developers to contact them.