Google accidentally sent users’ private videos to strangers in stunning ‘Takeout’ mix-up
In a disconcerting security warning, Google is saying videos stored in some users’ Google Photos archive were incorrectly sent to other users who requested a download of their files.
The message, originally highlighted on Twitter by one Jon Oberheide, begins with Google saying, “We are writing to inform you of a technical issue that affected the Google ‘Download your data’ service for Google Photos between November 21, 2019 and November 25, 2019, when it was fixed.”
The search giant says that, during that time frame, people who requested an export of their data may have had their content accidentally sent to other people who performed the same request – essentially a mix-up in the way Google segregates individual users’ accounts and cloud storage.
The company says less than 0.01% of users who exported their content during that period were actually affected, according to androidcentral.com.
Google assures users that the underlying issue has been identified and resolved and recommends that affected users perform another export of their data. It also tells users to delete the prior archive.
The Google Takeout service, which allows users to export a copy of their Google Account content to back it up or use it with a different service, is ironically advertised with the tagline “Your account, your data.”
Google ends the message with a boilerplate apology “for the inconvenience” that will hardly appease recipients whose intimate digital life may have been leaked to strangers.
9to5Google obtained the following statement from the web giant:
“We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25. These users may have received either an incomplete archive, or videos—not photos—that were not theirs. We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again. We are very sorry this happened.”
For his part, Oberheide, who is a CTO, writes to his follower-base:
“To be clear, this is a big screw-up. I hope the number of affected parties is small, but the impact to those parties could be high…and very unsettling.”
Under new data protection laws, Google may incur a substantial fine for this monumental cockup.
To clarify for our readers, if you haven’t requested a download of your Google data between November 21, 2019 and November 25, 2019, you should not be affected.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/google-accidentally-sent-some-peoples-private-videos-to-strangers-in-massive-takeout-mix-up-22226.html
