This past Monday, Google began alerting users of a “technical issue” that happened back in November. The problem was with Google Takeout, where you can download data from other Google apps as a backup, or transfer data between services. Anyone who requested backups between the dates of November 21-25, 2019 may have had their videos in Google Photos “incorrectly exported to unrelated users’ archives.”
What Happened
When a user requested a backup, some of their videos (but not photos) were sent to random users who were also downloading data from Google Takeout. Though the bug occured in November, it wasn’t until early February that Google sent out an email alerting affected users of the issue. As for what specifically was leaked, users are unable to find out, other than Google reporting that “one or more videos in your Google Photos account was affected by this issue.”
In addition to possibly finding videos in your download that aren’t yours, Google reported that if you downloaded data during this timeframe, it may have been incomplete. The company recommends that you should delete your prior export and perform a new one.
The Consequences of the Data Leak
TechNewsWorld interviewed Erich Kron, security awareness advocate. When asked about his thoughts on the situation, he said that though Google was able to remedy the situation within a few days, “the notification process to those impacted was less than satisfactory and left out a lot of details, leaving those possibly impacted unsure of what the exposure risks were for them.”
With people using mobile devices in their everyday life for photos, videos, and data storage, it is important that companies who go through data leaks have clear communication about the security used, and exactly what information was released.
Mike Jude, research director at IDC remarked on this, “If the video content was sensitive and private, then you could have a violation of the GDPR or California's CCPA. That sort of thing could trigger fines and remedial action.” Users have a right to know exactly what happened, and failure to disclose that could lead to a lawsuit against Google.
Google said that only 0.01% of users were affected, but didn’t specify if that was Takeout or Photo users; the former would mean a smaller amount were hit. However, the leaked videos were sent to other users, and not hackers that accessed Google’s system (which could’ve called into question their privacy standards). Because people understand that bugs happen, it may result in a more forgiving effect.
What Google Should Do
With the damage already done, you might be asking what Google can do to make up for the mistake. If the company can find out what exactly was sent incorrectly, it should let users know what was compromised. This could act as a mediator in case anyone who had their videos sent to someone else wanted to communicate with those who received it.
However, as IDC’s Jude continues to point out, “Google is a free service, more or less, that provides access in exchange for looking over your shoulder as you use the service. It is not a public commons, and there really should be no expectation of privacy.”
/google-photos-leak-banner.jpg)
