Would You like a feature Interview?
All Interviews are 100% FREE of Charge
The leaked collection of internal Google privacy incidents offers a rare glimpse into the company’s volume and response to breaches, incidents and other incidents. 404 Media We obtained and reviewed a database of thousands of privacy and security issues reported internally between 2013 and 2018.
Google confirmed to Engadget the veracity of the flood of reports, but maintained that some of the reports involved third-party services or ended up not being a cause for concern. “At Google, we allow employees to immediately report potential product issues for review by the relevant teams,” a company spokesperson wrote to Engadget. “When employees submit a report, we suggest a priority level for reviewers. The reports obtained by 404 are more than six years old and are examples of such reports, all of which were reviewed and resolved at the time. In some cases, what an employee reported was not an issue at all, or it was an issue the employee found in a third-party service.”
404 Media On an individual level, they wrote, many of the cases affected only a small number of people or were quickly resolved, “but taken as a whole, our internal database shows that one of the world’s most powerful and important companies controls, and often mismanages, vast amounts of personal and sensitive data about people’s lives.” 404 MediaJoseph Cox writes:
One example is a potential security issue where sensitive data from a government client of Google Cloud Services was mistakenly migrated to consumer products, according to an internal Google report, which added that as a result, the data’s U.S. location “is no longer guaranteed to this customer.”
A glitch in Google Street View was reported in 2016 when a filter in the service’s transcription software was designed to omit license plate numbers from photographs, but didn’t do its job. “As a result, our database of objects detected from Street View currently erroneously includes a database of geolocated license plate numbers and license plate number fragments,” according to the report, obtained by Google. 404 Media Details. (Oops!) The report said that the data had been wiped.
Another incident highlighted a case where a bug in Google’s voice service accidentally captured and recorded an estimated 1,000 hours of a child’s voice data in about an hour, though the case report claims the team deleted all the data.
Other cases in the database range from “an individual” modifying customer accounts on Google’s advertising platform to manipulate affiliate tracking codes, to YouTube recommending videos to users based on their deleted viewing history. One report even covered a Google employee (reportedly unintentionally) gaining access to private Nintendo YouTube videos and leaking information ahead of the video game company’s announcements.
of Full Report 404 MediaThe internal report details the , which is worth a read for anyone interested in the types of privacy and security incidents that large companies like Google face (or cause) and how they deal with them.