In brief: Google has previously made public privacy mistakes, but what about those that remain unknown? A leaked internal database reveals thousands of privacy and security failings flagged by Google between 2013 and 2018, some of which are quite damning.
The leaked information, sent by an anonymous source to 404 Media, encompasses incidents reported by employees from six to nine years ago, a Google spokesperson confirmed.
The publication notes that while most cases impacted a relatively small number of people individually or were quickly resolved, “taken as a whole, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people’s lives.”
One case from 2016 documented a Google employee reporting that Google Street View’s systems were accidentally transcribing and storing license plate numbers from photos, inadvertently creating a database of geolocated plate numbers. The report states the data has since been purged.
Another incident involved the exposure of over one million email addresses of Socratic.org users, a company Google acquired. Geolocation and IP addresses of users, including children, were also suspected to be exposed. The data was available for more than a year.
Children were additionally affected when a Google speech service logged all audio for an hour, capturing speech data from approximately 1,000 minors.
Another issue arose from a “quirk” in Android’s keyboard, where children inadvertently pressed the microphone button, leading to Google logging audio from youths as part of the YouTube Kids app launch.
One of Google’s most damaging incidents involved a government customer of its cloud service being inadvertently transferred to a consumer-level product, along with the organization’s sensitive data. Google’s internal reports indicated that as a result, a US-based location for the data was “no longer guaranteed for this customer.”
Other notable incidents include Waze’s carpool feature leaking users’ trips and home addresses, YouTube making recommendations based on videos users had deleted from their watch history, and the video platform’s blurring feature exposing uncensored versions of pictures.
A new Yoshi game (probably Woolly World 2) is going to be announced for Switch
by in nintendo
Another standout case involves a Google contractor accessing private videos in Nintendo’s YouTube account and leaking information prior to the gaming giant’s planned announcements. This incident is believed to have led to the 2017 Nintendo leak, showing an early look at Yoshi’s Crafted World ahead of its E3 reveal. Google’s database entry reads: “Former TVC [temporary vendor contractor] download video with admin account, and shared unreleased Nintendo feature with friend.” It was determined that the incident was “non-intentional.”
Google states that some of the reported issues were found in third-party services or didn’t become a cause for concern, asserting that each case highlighted in the report was reviewed and resolved at the time.