There are few things more personal than your private videos, but it seems a Google Photos slip-up sent some user's clips to the wrong person. An email shared by Duo security CTO Jon Oberheide explains that users who exported their photos via Takeout between 21-25 November 2019 may have received someone else's videos.
A bug in the exporting process caused some user's content to be included in other's archives. According to 9to5 Google, the company confirmed the issue and said it affected less than 0.01% of users attempting takeouts.
However, Alphabet Inc. has been unable to provide users with the specific videos that were shared or even how many were sent to strangers. The number of impacted users is small, but that content could be incredibly compromising. Oberheide's request for more clarification was met with no new information and the following apology:
“We apologize for this inconvenience. Rest assured that the software bug that led to these technical issues has been identified and resolved.”
Whoa, what? @googlephotos? pic.twitter.com/2cZsABz1xb
— Jon Oberheide (@jonoberheide) February 4, 2020
Though Google recommends affected users the incomplete exports with other's data and try again, there's no guarantee if that will happen. The tech giant also hasn't specified if the exports contained any personally identifiable data that could let another user discern the source.
This slip-up highlights that the convenience of storing data in the cloud should always be measured against the dangers to privacy and security. It's also a good time to highlight services like SpiderOak, Boxycryptor, and Tresorit, which end-to-end encrypt user's cloud storage so that things like this can't happen. Either way, Google has a lot to answer for in regards to how it let this happen.