A leaked internal Google report reveals that the company has been committing several years of user privacy violations and personal data leaks, some of which are egregious. Google accidentally collected children’s voice data, exposed users’ travel and home addresses, and YouTube recommended videos based on content that users had long since deleted from their browsing history.
Major Privacy Incidents
According to 404 Media, each of the incidents could only affect a relatively small number of people or was quickly resolved. The internal Google report indicates that leaks of confidential user data have been occurring at the company for many years. The database, covering the period from 2013 to 2018, records thousands of incidents related to privacy and security issues.
One of the most serious cases occurred in 2016, when it was discovered that Google Street View recognized and saved license plates as photographs. This happened accidentally due to an error in the text recognition algorithm. As a result, information about the geolocation and license plates of many cars ended up in the Google database. This data was subsequently deleted.
Another incident concerned the publicized personal data of more than 1 million users of the Socratic service acquired by Google. Email addresses, geolocation data, and IP addresses, including those of children, were publicly available. The information was available for more than a year and could have been collected by attackers.
A separate case was noted when the Google voice assistant recorded all audio data, including the voices of children, for about an hour. About 1,000 fragments of children’s speech were collected. This data was subsequently also deleted.
Additional Data Breaches
Other major incidents have also been recorded, for example, a vulnerability in the ride-hailing service Waze Carpool led to the disclosure of personal information about users’ trips and home addresses. There was also unauthorized access by a Google employee to private Nintendo videos on a YouTube account, followed by a data leak.
NIXSOLUTIONS adds that the report included incidents of a smaller scale, such as the erroneous sending of letters with personal data and access to closed videos on YouTube being open for some time.
While in many cases the issues were resolved promptly, the overall scale of incidents involving user data is impressive. This shows how difficult it is for the largest IT companies to ensure the confidentiality of huge amounts of user personal information. We’ll keep you updated as more information becomes available.