Google Photos has shared some users' private videos with strangers

Posted:
in General Discussion
Google has sent notices to some of its Google Photos users, telling them that that some of the videos stored in the service may have been exported to random users' archives.

Image credit: <a href=@jonoberheide" height="368" />
Image credit: @jonoberheide


Those who used Google's "Download your data" service for Google Photos between November 21 and November 25 of 2019 may find that their data export is incomplete -- and could contain videos from other users. Google is informing impacted users now, and it is unclear how many users are a victim of the problem.

The notice was screen capped by Twitter user Jon Oberheide, co-founder of Duo Security, on February 3. It is not known how many users were affected at this time.



Google states that for a five day period, a technical issue made it possible for users' videos to be exported to unrelated users archives. They assure users that the issue has been fixed, but notes that users should delete prior exports and perform a new export at this time.

It is possible that a user's videos have been shared with an unknown amount of other users, and it isn't being made clear which videos may have been shared. Google only mentions videos, so it can be assumed that exported photos are likely unaffected.

Google had recently been the subject of other security scandals. In late 2019, a security research organization in Germany placed eight 'smart spies' in both the Amazon Alexa and Google Home app stores to demonstrate how easily eavesdropping and phishing can be done over smart speakers.

It was also recently discovered that Avast, a popular antivirus tool for both PC and Mac, had been harvesting user data and selling it directly to Google and Microsoft.

Comments

  • Reply 1 of 13
    razorpitrazorpit Posts: 1,796member
    Gatorguy to defend in 3-2-1....
    lkruppcornchipSpamSandwichbadmonkwatto_cobra
  • Reply 2 of 13
    Given the nature of software development + human error, breaches will happen.  I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable.  As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on.   Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach. 
  • Reply 3 of 13
    markbyrn said:
    Given the nature of software development + human error, breaches will happen.  I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable.  As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on.   Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach. 

    "Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach."

    No comment here about the Google mishap, rather just about your strawman argument: Your point of view is not made stronger by trying to portray anyone that doesn't agree with it as a deluded person. It reads more like reflection (i.e. that you're coddling Google.)

    edited February 2020 cornchipjcs2305watto_cobra
  • Reply 4 of 13
    cornchipcornchip Posts: 1,954member
    incredible!
    watto_cobra
  • Reply 5 of 13
    This has little or nothing to do with a data breach and everything to do with the lack of competence on the part of the Googles architecture and design team. 
    watto_cobra
  • Reply 6 of 13
    Just go into storing your data and photos online with the assumption it’s not secure and you’ll be fine.
  • Reply 7 of 13
    gatorguygatorguy Posts: 24,387member
    Reportedly it affected .01% of those who were requesting their Google Data be exported to them (ie for moving to another service or local storage) during that 5 day period. Potentially thousands of users may be in that group. It involved only video and no photos nor other data included, nor was any video erroneously "shared" if you were not requesting your full data package be exported to you. Bad mistake Google from both a user and PR standpoint. 
    edited February 2020
  • Reply 8 of 13
    jcs2305jcs2305 Posts: 1,338member
    markbyrn said:
    Given the nature of software development + human error, breaches will happen.  I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable.  As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on.   Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach. 

    You're sure people on an Applecentric website will take shots at Google for the incompetence they showed by allowing this to happen?  Hahaha Really? This isn't Tom's Guide..

    Also from what I understood the iCloud issue was targeted Identity theft/hacking. I don’t recall Apple randomly emailing out photos from peoples accounts. This is far worse a privacy breach in my opinion. 

    Honestly NONE of these breaches are ok.. and the people affected would definitely agree with me I think..  I am just saying stop with the defensive posturing.  If there was mistake made by any of these huge companies they need to be held accountable, and not to any lesser degree because we like a company's products, or feel they have our best interest in mind.


    watto_cobra
  • Reply 9 of 13
    Rayz2016Rayz2016 Posts: 6,957member
    The wording in this 'apology' is the work of a psych genius. I did a short PR course once, and this thing ticks all the boxes in victim-blaming

    Let's start with the opening:

    our records show that you requested …

    and

    if you downloaded your data, it may be incomplete and may contain data that is not yours.

    Note the use of 'you' and 'yours', reminding YOU that YOU initiated this action, so in some way, you're partially to blame, especially since you  have downloaded data that doesn't belong to you. What actually happened was that Google screwed up and sent you data that belonged to someone else. This is Google's way of asking if you were dressed provocatively when they lost your data, and if so then perhaps, in some way, you were asking for it.

    Exhibit B:

    "We apologize for any inconvenience caused"

    Weird Uncle Google is now telling you exactly how serious this breach was: an inconvenience. Whether it was an inconvenience or not depends on what was on the pictures they sent to perfect strangers; it certainly isn't their call. But they'd like to make it clear that this is all this is: an inconvenience.


    watto_cobra
  • Reply 10 of 13
    chasmchasm Posts: 3,415member
    If you're dumb enough to store your personal photos on Google because it's "free," you're getting exactly what you're paying for.
    watto_cobra
  • Reply 11 of 13
    dysamoriadysamoria Posts: 3,430member
    markbyrn said:
    Given the nature of software development + human error, breaches will happen.  I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable.  As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on.   Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach. 
    ...And this is exactly the kind of shrugging-it-off culture I was complaining about in another article about security failures in internet-related products...

    You've been conditioned well by the [lazy] computer industry and tech geek culture. Security and reliability(!!) has never been a serious concern at the core of computing (especially capitalism-driven computing product), and only now is it finally starting to seriously bite humanity in the ass. REPEATEDLY.
    watto_cobra
  • Reply 12 of 13
    dysamoriadysamoria Posts: 3,430member

    chasm said:
    If you're dumb enough to store your personal photos on Google because it's "free," you're getting exactly what you're paying for.
    ...And there we go with the victim-blaming.

    Just because YOU have spent ages learning how not to trust computing doesn’t mean everyone else has (nor should have to constantly watch out for untrustworthy product marketing).

    The utter callous brutality of the kind of society some people are okay with...
    edited February 2020
  • Reply 13 of 13
    dysamoriadysamoria Posts: 3,430member
    As for Google themselves... I don’t even know what to say anymore. There’s a clear and present danger from this company.

    I reject google docs entirely, and search tools for the most part, but I can’t say I am clear of reliance on Google.

     I use GMail for “business” mail (ie: every time I’m required to make an account somewhere, or give someone my email address) and I now kind of hate myself for it. It was a protection against my private email address being spewed all over the internet and spammed to death, and that has worked out wonderfully... but seeing Google’s endless mistakes AND intentional abuses of user data, I am NOT OKAY with how much I actually rely on Google.

    I also watch lots of shit on YouTube and use Google’s reverse-image-search (which is very handy and isn’t replicated well by anyone else).  Other than those (which I’m growing more and more intolerant dealing with), I’ve drawn a line in the sand with Google, and refuse to get deeper. But I’m deep enough. When will it bite me in the ass?

    I often wonder when Apple’s iCloud will make me feel just as vulnerable as Google’s shit. Do i transition my “business” mail to them, when they also have a history of abandoning online services?

    We really do have a house of cards here...
Sign In or Register to comment.