Newtechmania was provided with confirmation from the corporation that the data, which was collected by 404 Media, was genuine.
The volume of breaches, accidents, and other occurrences that Google handles is revealed in a collection of internal privacy cases that have been leaked, providing a rare view inside the company’s operations. 404 Media was able to acquire and thoroughly examine the database, which contains hundreds of violations of privacy and security that were reported internally between the years 2013 and 2018.
The validity of the collection was confirmed by Google in conjunction with newtechmania; however, the company stated that some of the reports were associated with third-party services or did not ultimately constitute a cause for worry. As stated in an email sent to newtechmania by a representative of the firm, “At Google, employees have the ability to quickly flag potential product issues for review by the relevant teams.” “When an employee comes forward with the flag, they provide a suggestion to the reviewer on the importance level. The reports that were collected by 404 date back more than six years and are examples of these flags; at that time, each and every one of them was examined and resolved appropriately. In some instances, these employee flags turned out to be difficulties that were not problems at all, or they were problems that employees discovered in services provided by third parties.
In their article, 404 Media states that when viewed on an individual level, many situations merely affected a small number of people or were resolved in a short amount of time. In his article, “Taken as a whole, however, the internal database demonstrates how one of the most powerful and important companies in the world manages, and frequently mismanages, a staggering amount of personal, sensitive data on people’s lives,” Joseph Cox of 404 Media stated.
By way of illustration, there is the possibility of a security breach occurring when sensitive information belonging to a government client of a Google cloud service was inadvertently transferred to a product aimed at consumers. Consequently, a location in the United States that was based on the data was “no longer guaranteed for this customer,” according to the report that was included in the internal report that Google had produced.
Another incident that occurred in 2016 brought to light a problem with Google Street View. The problem was that a filter in the transcribing software of the service that was supposed to exclude license plate numbers that were taken did not perform as expected. According to the report that was obtained by 404 Media, “As a consequence of this, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and fragments of license plate numbers.” (What a mistake!) According to that claim, the data had been removed.
There was another occurrence that brought to light a situation in which a glitch in a Google speech service mistakenly recorded and logged an estimated one thousand hours of speech data from youngsters for around one hour straight. According to the case report, the crew allegedly destroyed all of the sensitive material.
Another example that can be found in the database is when “a person” altered customer accounts on Google’s advertising network in order to change affiliate tracking codes. Another example is when YouTube recommended videos to customers based on their deleted watch histories. One allegation even outlines how a Google employee accessed Nintendo’s secret YouTube videos and disclosed information ahead of the video game company’s announcements. According to the claim, the individual did this unknowingly.
It is recommended that anyone who is interested in learning more about the types of privacy and security events that a corporation of Google’s magnitude experiences — or causes itself — and how it responds to them read the entire report that was published by 404 Media. This study provides additional details about the internal reports.