A leaked internal report from Google reveals the company allowed numerous privacy breaches and data leaks over several years. Incidents included the inadvertent collection of children’s voice data, the exposure of users’ travel details and home addresses, and YouTube’s video recommendations based on content users had previously deleted from their viewing history.
A report by 404 Media indicates that each incident either affected only a relatively small number of people or was swiftly rectified. However, Google’s internal report shows that privacy-breaching incidents have occurred continually over many years. The database covering the period from 2013 to 2018 recorded thousands of security and privacy violations.
One of the most serious cases arose in 2016 when Google’s Street-View technology inadvertently recognized and archived car license plate numbers via captured images due to an error in the text recognition algorithm. As a result, location data and license plate numbers for many vehicles were stored in Google’s database. This information was later deleted.
Another notable incident involved the disclosure of personal data of over one million users of Google-owned service Socratic. Available data included email addresses, location information, and IP addresses – even data belonging to children. This information was publicly accessible for over a year and could have been harvested by malicious actors.
Another incident involved Google’s voice assistant inadvertently recording all audio data, including children’s voices, for approximately one hour, concluding in roughly 1,000 snippets of children’s speech. Again, this data was later deleted.
Other significant incidence recorded included a vulnerability in the carpooling service Waze Carpool that led to the disclosure of users’ personal travel details and home addresses. Also, there was an instance of unauthorized access to Nintendo’s private YouTube videos by a Google employee, leading to a data leak.
Besides these, the report noted several smaller-scale incidents such as accidental dispatch of emails with personal data and temporary unauthorized access to private YouTube videos.
Even though many of these issues were quickly addressed, the overall scale of incidents involving user data is staggering. It underscores the complexity major IT companies face while handling extensive volumes of users’ personal data.
