Tube4vids logo

Your daily adult tube feed all in one place!

Google suffers ANOTHER leak that reveals how it exposed millions of personal emails - and an embarrassing trove of other problems

PUBLISHED
UPDATED
VIEWS

Google has sufferer another leak that revealed how the tech giant exposed millions of personal emails with geolocation and IPs, according to a new report.

The new documents surfaced online Monday, claiming to show thousands of internal incident reports by employees from  2013 to 2018 that detailed how Google mismanaged sensitive and private data.

The emails exposed on the web were stored in a Google-owned app used for education purposes and visible in the company's website code, the report claimed.

The documents also cited a number of other embarrassing problems - recording children's voices, unblurring sensitive YouTube videos and exposing people's addresses stored in Waze. 

The report comes just days after Google suffered the 'mother of all leaks' after 2,500 documents exposed how its algorithm decides what users see.

An issue with Android's keyboard meant that when children opened the YouTube Kids App, Google inadvertently logged their audio as part of the launch

An issue with Android's keyboard meant that when children opened the YouTube Kids App, Google inadvertently logged their audio as part of the launch

Data of the incidents were shared by 404 Media, which claimed to have obtained the leaked documents through an anonymous source who didn't provide their real name or identity.

DailyMail.com has not been able to independently verify the documents, but 404 reported that it confirmed the data was legitimate and said Google confirmed some of the contents.

However, Google has refuted the leaked documents and said they were quickly resolved and are no longer relevant because the reports are from six years ago.

'At Google employees can quickly flag potential product issues for review by the relevant teams,' a Google spokesperson told DailyMail.com. 

'The reports obtained by 404 are from over six years ago and ... every one was reviewed and resolved at that time,' the spokesperson continued.

'In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services.'

But the 404 Media report cited an incident with Google-owned Socratic.org, a learning app for high school and college students.

Employees allegedly stated that the app exposed email addresses of more than one million users.

The people who were impacted also included children, and the report said: 'This exposure has been addressed as part of the closing conditions for this acquisition. However, the data was exposed for > 1yr and could already have been harvested.'

And the information was viewable in the page source of the Socratic's website, 404 Media claimed.

The leaked documents also reportedly showed that Google's speech service logged roughly 1,000 children's audio data for about an hour.

The Google Assistant feature that was supposed to stop the YouTube Kids app and other features from collecting their voices was not correctly applied, 404 Media reported.

The Kids YouTube is a child-friendly version of the app that only allows young users to view age-appropriate content including shows and music.

It uses voice recognition technology to allow users to give spoken demands to search for content, but an issue reportedly arose when children opened the YouTube Kids App using their voice, Google inadvertently logged their audio.

Google claimed to have fixed the issue immediately after it was reported,

The tech giant also said it has since added a privacy notice on its Google Assistant website warning parents that if the 'include voice and audio activity' is turned on when they use the device, 'a recording of their interaction, plus a few seconds before, may be stored with their account.'

Google's Waze carpool feature reportedly leaked the addresses and trip information of users - although the exact number of people affected was not immediately clear.

Google's Waze carpool feature reportedly leaked the addresses and trip information of users - although the exact number of people affected was not immediately clear. 

Waze's carpool feature was also named in the leaked documents which claimed the app leaked the addresses and trip information of users - although the exact number of people affected was not immediately clear.

Waze carpool, which let users connect with drivers taking other passengers to similar destinations, launched in 2016, but was shut down in 2022 because more people were working from home.

In another incident, the report claimed videos uploaded to YouTube that were listed as private appeared publicly and the app's blurring feature was disabled, creating uncensored versions of pictures.

Meanwhile, Google's Street View allegedly transcribed and stored the license plate numbers that appeared in photos.

The report explained that the company's algorithm that detects text in Street View mistakenly noted license plate numbers in 2016.

Street View transcribes text using a neural network to identify house numbers and street names.

'Unfortunately, the contents of license plates are also text and, apparently, have been transcribed in many cases,' the employee wrote in the leaked report, according to 404. 

'As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate number fragments.'

The employee explained that it was an accident, adding that 'the system that transcribes these pieces of text should have avoided imagery identified by our license plate detectors but, for reasons as-yet unknown, was not.'

Google has previously come under fire for violating people's privacy including a lawsuit filed in New Mexico in 2018 for violating the federal Children's Online Privacy Protection Act and state consumer protection laws.

The lawsuit claimed Google allowed game developer Tiny Lab Productions to obtain and gather information on children and as part of the multi-million-dollar settlement, it was required to crack down on developers mislabeling apps marketed toward children to make a profit from targeted advertising.

Google said it takes the incident reports filed by employees seriously and investigates the flag based on the severity and priority attached to it.

The company claimed that many of the incidents 404 reported didn't exist - although it did not specify which incidents - adding that the other vulnerabilities were found on third-party sites including a vendor used for employee travel.

Comments