The leak of a database of incidents revealed that Google has had thousands of privacy incidents, from recording children’s voices to accidentally creating a database of geolocated license plate numbers. Many of these incidents have never been disclosed previously.
Obtained and analyzed by 404 Media, the database contained thousands of privacy incidents between 2013 and 2018 and detailed all manner of issues including both internal to Google and vulnerabilities in third-party vendors used by Google.
Google has meticulously recorded each privacy breach with detailed notes on every incident. One of the breaches involved the exposure of over a million email addresses from a company Google acquired, with the data being viewable in the source code for a webpage. The data may also have included geolocation information and IP addresses. Children were among the users impacted by this breach. The database report said, “This exposure has been addressed as part of the closing conditions for this acquisition. However, the data was exposed for > 1yr and could already have been harvested.”
A further incident involved the accidental recording by a Google speech service, which captured speech data for around an hour, including around 1,000 children’s voices. According to the report, the team deleted all of the recorded speech for the affected time period.
A particularly egregious incident occurred when a member of Google staff accessed and viewed private videos from Nintendo’s YouTube account and then leaked information about them before Nintendo’s launches. Google conducted an internal review and deemed the actions “non-intentional”, resulting in no changes.
In a further YouTube breach, the algorithm was making recommendations to users based on videos the users had deliberately removed from their watch history, breaching YouTube’s own policies.
404 Media approached Google for a statement, and the tech giant said: “At Google employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer. The reports obtained by 404 are from over six years ago and are examples of these flags—every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services.”
Google also suffered a further leak this year with a huge batch of documents relating to its search engine ranking algorithm being exposed through a GitHub repository.
Featured image: generated by Ideogram