Google Accidentally Sent Videos From Some Users’ Google Photos Backups to ‘Incorrect People’
Google Takeout is one of the company's lesser-known apps. It is a one-stop solution to download everything Google has on you, including data sourced from Google Photos. To get started, you need to go over here, select the data you need and click download. A link containing the data will then be emailed to you. Seems fairly straightforward, right? At least one Google user would say otherwise, as he woke up to the following Tweet.
— Jon Oberheide (@jonoberheide) February 4, 2020
According to the email Jon and some other users received users who requested Google Photos data over Takeout between November 21, 2019, and November 25, 2019, may have had their data incorrectly sent to other users. Essentially, a user who requested Photos data via Takeout received videos from another user and vice versa.
If you happen to be someone that has received this email, there is little you can do at this point. The damage has already been done, as there is no way for Google to retract the incorrect backups. Google recommends that you delete any previous export you may have received via Takeout and request for a new one. Ideally, affected users should receive a follow-up email with further instructions in the next few days.
The company says that only 0.01% of Google Photos users attempting to download their data during the technical issue were affected, but given the number of people that use Google services, that number is by no means insignificant. In a statement to 9to5Google, Google had the following to say:
“We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25. These users may have received either an incomplete archive, or videos—not photos—that were not theirs. We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again. We are very sorry this happened.”
The idea of some random person receiving your private videos via a channel as secure as Photos is a terrifying one. What's worse is that the company waited nearly two months to disclose the vulnerability. Was Google aware of this the moment it happened or did it knowingly keep it secret all this time? It's hard to tell at this point. Let's hope the company sheds some more light on the issue in the coming days.
Source: Android Central