Google Photos has shared some users' private videos with strangers

Google has sent notices to some of its Google Photos users, telling them that that some of the videos stored in the service may have been exported to random users' archives.

Those who used Google's "Download your data" service for Google Photos between November 21 and November 25 of 2019 may find that their data export is incomplete — and could contain videos from other users. Google is informing impacted users now, and it is unclear how many users are a victim of the problem.

The notice was screen capped by Twitter user Jon Oberheide, co-founder of Duo Security, on February 3. It is not known how many users were affected at this time.

Whoa, what? @googlephotos? pic.twitter.com/2cZsABz1xb
— Jon Oberheide (@jonoberheide) February 4, 2020

Google states that for a five day period, a technical issue made it possible for users' videos to be exported to unrelated users archives. They assure users that the issue has been fixed, but notes that users should delete prior exports and perform a new export at this time.

It is possible that a user's videos have been shared with an unknown amount of other users, and it isn't being made clear which videos may have been shared. Google only mentions videos, so it can be assumed that exported photos are likely unaffected.

Google had recently been the subject of other security scandals. In late 2019, a security research organization in Germany placed eight 'smart spies' in both the Amazon Alexa and Google Home app stores to demonstrate how easily eavesdropping and phishing can be done over smart speakers.

It was also recently discovered that Avast, a popular antivirus tool for both PC and Mac, had been harvesting user data and selling it directly to Google and Microsoft.

13 Comments

razorpit 1793 comments · 17 Years

About 4 years ago

Gatorguy to defend in 3-2-1....

markbyrn 662 comments · 14 Years

Given the nature of software development + human error, breaches will happen. I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable. As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on. Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach.

EsquireCats 1268 comments · 8 Years

markbyrn said:

Given the nature of software development + human error, breaches will happen. I was reading Tom's Guide on this and the writer was calling for the government to do something like the government hasn't had countless breaches and are rarely held accountable. As long as the breached entity isn't being grossly negligent or covering up/lying about the breach, take action if affected and press on. Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach.

"Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach."

No comment here about the Google mishap, rather just about your strawman argument: Your point of view is not made stronger by trying to portray anyone that doesn't agree with it as a deluded person. It reads more like reflection (i.e. that you're coddling Google.)

cornchip 1943 comments · 11 Years

incredible!

Wgkrueger 352 comments · 8 Years

This has little or nothing to do with a data breach and everything to do with the lack of competence on the part of the Googles architecture and design team.