Google accidentally sent users’ private videos to strangers in stunning ‘Takeout’ mix-up

In a disconcerting
security warning, Google is saying videos stored in some users’ Google Photos
archive were incorrectly sent to other users who requested a download of their
files.

The message,
originally highlighted on Twitter by one Jon Oberheide,
begins with Google saying, “We are writing to inform you of a technical issue
that affected the Google ‘Download your data’ service for Google Photos between
November 21, 2019 and November 25, 2019, when it was fixed.”

The search
giant says that, during that time frame, people who requested an export of
their data may have had their content accidentally sent to other people who
performed the same request – essentially a mix-up in the way Google segregates
individual users’ accounts and cloud storage.

The company says
less than 0.01% of users who exported their content during that period were
actually affected, according to androidcentral.com.

Credit: Jon Oberheide (@jonoberheide) via Twitter

Google
assures users that the underlying issue has been identified and resolved and
recommends that affected users perform another export of their data. It also
tells users to delete the prior archive.

The Google
Takeout service, which allows users to export a copy of their Google Account
content to back it up or use it with a different service, is ironically
advertised with the tagline “Your account, your data.”

Google ends
the message with a boilerplate apology “for the inconvenience” that will hardly
appease recipients whose intimate digital life may have been leaked to strangers.

9to5Google obtained the following statement
from the web giant:

“We are
notifying people about a bug that may have affected users who used Google Takeout
to export their Google Photos content between November 21 and November 25.
These users may have received either an incomplete archive, or videos—not
photos—that were not theirs. We fixed the underlying issue and have conducted
an in-depth analysis to help prevent this from ever happening again. We are
very sorry this happened.”

For his
part, Oberheide, who is a CTO, writes to his follower-base:

“To be
clear, this is a big screw-up. I hope the number of affected parties is small,
but the impact to those parties could be high…and very unsettling.”

Under new
data protection laws, Google may incur a substantial fine for this monumental
cockup.

To clarify
for our readers, if you haven’t requested a download of your Google data
between November 21, 2019 and November 25, 2019, you should not be affected.

Leave a Reply

Your email address will not be published.

Scroll to top