In a new privacy-related fuckup, Google told users today that it might’ve accidentally imported your personal photos into another Google user’s account. Whoopsie!
First flagged by Duo Security CTO Jon Oberheide, Google seems to be emailing users who plugged into the company’s native Takeout app to backup their videos, warning that a bug resulted in some of those (hopefully G-rated) videos being backed up to an unrelated user’s account.
For those who used the “download your data” service between November 21 and November 25 of last year, some videos were “incorrectly exported,” the note reads. “If you downloaded your data, it may be incomplete, and it may contain videos that are not yours.”
The notice (as Oberheide rightfully pointed out) was non-specific at best, and downright callous at worst—especially considering the sensitive intel that many of us keep in our photos and videos. A stranger getting their hands on an embarrassing America’s Funniest Home Videos-style montage is one thing, but that same stranger getting their hands on clips of our most intimate moments is something else entirely.
When Oberheide followed up about which of his videos got caught in the breach, Google refused to disclose the specifics, according to an email he posted to Twitter, both about the exact clips and the third parties they were shared with. In a statement to 9to5google, the company claimed that less than 1 out of 10,000 Takeouters (or 0.01 percent) got caught in the leak.
“In cases where we know that another person has downloaded at least one of a user’s videos, we have said so,” the company told Oberheide over email.
We’ve reached out to Google for additional comment and will update when we hear back.
The flub, in Google’s words, has been “identified and resolved,” a phrase which—as we’ve seen with other major tech companies—often doesn’t mean much of anything at all. Here’s hoping that the company puts some muscle behind the issue, and that Takeout users delete the damn app that caused this mess to begin with.
Correction: Due to an editing error, we incorrectly stated the approximate number of Takeout users affected by the leak. It is 1 out of 10,000, not 1 out of 100. We regret the error.