A recent leak has revealed some past privacy failures on Google services that could have affected user data. The incidents in question occurred at least six years ago. The company acted at the time but apparently did not adequately disclose these problems.
404 Media obtained a leaked copy of Google’s internal database. After analyzing it, they discovered “thousands” of security incidents reported internally by company employees. The important thing about these incidents is that they endangered the privacy of users. The situation occurred between six and nine years ago.
Some Google privacy failures revealed by the leak
The source revealed some of the most worrying incidents. It mentions recordings of children’s voices through the Gboard microphone. There was also a leak of private content from the Nintendo channel on YouTube. Likewise, the report mentions possible access to employee payment data through Saber (a travel agency software).
There are more specific details about some of the incidents. For example, there’s a situation where up to 1 million email addresses associated with the Socratic.org platform were visible by checking the page’s source code. For this case, the leaked database notes say that “the data was exposed for > 1yr and could already have been harvested.”
In an incident related to Street View, vehicle registration numbers were being transcribed and stored. In this case, the problem was apparently due to a failure in the text detection algorithm. There is also a situation related to Waze, where address and trip data from users were accessible. Even a popular service like Docs appears in the report, pointing out an incident where files that should only be accessible via link were made public.
Some incidents were reported with a lower priority than they should have
As previously stated, all of these incidents occurred at least six years ago. At this point, Google’s security protocols are probably much stricter. However, the leak reveals that the privacy failure incidents in Google services could have potentially exposed user data. Also, it is an example of how your privacy could be compromised without your knowledge.
According to the source, Google employees report incidents by priority. They use a coding system where “P0” incidents have the highest priority, and then “P1” comes in behind. However, the classification of some reported incidents did not match their true importance.
Google’s official statement
A Google spokesperson confirmed the facts of the report. The employee said that “At Google, employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer. The reports obtained by 404 are from over six years ago and are examples of these flags—everyone was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third-party services.”
The post Leak reveals potential data breach incidents on Google services appeared first on Android Headlines.