Google suffers ANOTHER leak that reveals how it exposed millions of personal emails – and an embarrassing trove of other problems
Google is once again suffering from a breach that revealed how the tech giant exposed millions of personal emails containing geolocation and IPs, according to a new report.
The new documents surfaced online on Monday, claiming to show thousands of internal incident reports from employees 2013 to 2018 detailing how Google mismanaged sensitive and private data.
The emails exposed on the Internet were stored in a Google app used for educational purposes and visible in the company’s website code, the report said.
The documents also mentioned a number of other embarrassing issues: recording children’s voices, blurring sensitive YouTube videos, and exposing people’s addresses stored in Waze.
The report comes just days after Google suffered the “mother of all leaks” after 2,500 documents exposed how its algorithm decides what users see.
An Android keyboard issue caused when kids opened the YouTube Kids app, Google accidentally recorded their audio as part of the launch
Data from the incidents was shared by 404 Mediawho claimed to have obtained the leaked documents through an anonymous source who did not provide their real name or identity.
DailyMail.com was unable to independently verify the documents, but 404 reported that it confirmed the data was legitimate and said Google confirmed some of the content.
However, Google has refuted the leaked documents, saying they were quickly resolved and are no longer relevant because the reports are from six years ago.
“At Google, employees can quickly report potential product issues for review by the relevant teams,” a Google spokesperson told DailyMail.com.
“The reports obtained by 404 are from more than six years ago and… they were all reviewed and resolved at the time,” the spokesperson continued.
“In some cases, these employee flags turned out not to be problems at all, or were problems that employees encountered with third-party services.”
But the 404 Media report cited an incident involving Google-owned Socratic.org, a learning app for high school and college students.
Employees reportedly stated that the app exposed email addresses of more than a million users.
People affected included children, and the report said: ‘This exposure has been addressed as part of the closing conditions for this acquisition. However, the data was visible for more than a year and could have already been collected.’
And the information was visible in the page source of the Socratic website, 404 Media claimed.
The leaked documents also revealed that Google’s voice service recorded around 1,000 pieces of audio data from children for about an hour.
The Google Assistant feature that was supposed to prevent the YouTube Kids app and other features from collecting their votes was not implemented correctly, 404 Media reported.
The Kids YouTube is a kid-friendly version of the app that allows only young users to watch age-appropriate content, including shows and music.
It uses voice recognition technology to allow users to make voice requests to search for content, but a problem reportedly arose when children opened the YouTube Kids app with their voice and Google accidentally recorded their audio.
Google claimed to have fixed the problem immediately after reporting,
The tech giant also said it has since added a privacy statement to its Google Assistant website parents are warned that if “record voice and audio activity” is enabled when they use the device, “a recording of their interaction, plus a few seconds before, may be saved to their account.”
Google’s carpooling feature Waze reportedly leaked users’ addresses and travel information – although the exact number of people affected was not immediately clear.
Waze’s carpooling feature was also mentioned in the leaked documents, which claimed the app leaked users’ addresses and travel information – although the exact number of people affected was not immediately clear.
Waze carpool, which allows users to connect with drivers taking other passengers to similar destinations, was launched in 2016 but was discontinued in 2022 as more people worked from home.
In another incident, the report claimed that videos uploaded to YouTube that were listed as private appeared publicly and the app’s blur feature was disabled, creating uncensored versions of images.
Meanwhile, Google’s Street View is said to have transcribed and stored the license plate numbers that appeared in photos.
The report explains that the company’s algorithm, which detects text in Street View, incorrectly recorded license plate numbers in 2016.
Street View transcribes text using a neural network to identify house numbers and street names.
“Unfortunately, the content of license plates is also text and apparently copied in many cases,” the employee writes in the leaked report, according to 404.
“As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate fragments.”
The employee explained that it was an accident, adding that “the system that transcribes these pieces of text should have avoided images identified by our license plate detectors, but for reasons still unknown it did not.”
Google has previously come under fire for violating people’s privacy, including a lawsuit filed in New Mexico in 2018 for violating the federal Children’s Online Privacy Protection Act and state consumer protection laws.
The lawsuit alleged that Google allowed game developer Tiny Lab Productions to obtain and collect information about children, and as part of the multi-million dollar settlement it was required to crack down on developers who misappropriated apps aimed at children. labels to make a profit from targeted advertising.
Google says it takes employee incident reports seriously and investigates the flag based on the severity and priority placed on it.
The company claimed that many of the incidents reported by 404 did not exist – although it did not specify which incidents – and added that the other vulnerabilities were found on third-party sites, including a vendor used for employee travel.
