Google Witnesses Second Massive Leak in Week

Google suffered from yet another leak that revealed how the tech giant accidentally collected speech data from children, according to a new report.^[1]  

It revealed thousands of internal incident reports by employees from 2013 through 2018, describing Google's mishandling of sensitive private information.

The voice collection included speeches for about a thousand kids who have been captured through YouTube Kids.

These included unblurring sensitive YouTube videos and exposing addresses stored in Waze, among others.

Just days after 2,500 documents exposed how its algorithm decides what users see on Sunday, the internet giant had what was described as the mother of all leaks.

An unidentified person leaked the incidents’ data, which claims are made by 404 Media, and this information is authentic according to them.

However, 404 reported that they verified the legitimacy of this particular document; at least some contents were confirmed by Google itself.

Waze Carpool, a service that links drivers and passengers with similar destinations, began in 2016 but closed its operations in 2022 following increased trends in remote work.

There were other reports where videos uploaded to YouTube only as private were found to be accessible by the public after the blurring effect failed and showed uncensored content.

In addition, there are claims that the transcribing of license plate numbers from some photos taken in 2016 was mistakenly done by Street View. This happened after the text recognition system employed in Street View images accidentally picked up some license plates while capturing texts on them.

According to an employee report, these license plate numbers were inadvertently included in the database of Street View objects and this was blamed on a system designed not to transcribe such information.

The same report also revealed a data breach involving more than one million emails from an app now owned by Google that affected Socratic.org, an educational platform. Though this breach took place before Google’s acquisition, it heightened concerns about geolocation and IP data exposure.

In 2018, Google was sued for violating privacy rights; it was accused of breaking the Children’s Online Privacy Protection Act and state consumer protection laws through child information gathering.

Days earlier, Live Nation, the parent company of Ticketmaster, confirmed reports of unauthorized access to its database, potentially exposing the personal information of 560 million customers. The breach, claimed by the hacking group ShinyHunters, includes names, addresses, phone numbers, and partial credit card details of Ticketmaster users globally. The hackers are demanding a $500,000 ransom to prevent the data from being sold.