Google has suffered another leak that revealed how the tech giant exposed millions of personal emails with geolocation and IP, according to a new report.
The new documents appeared online Monday and claim to show thousands of internal incident reports prepared by employees of 2013 to 2018 detailing how Google poorly managed confidential and private data.
The emails exposed on the web were stored in a Google-owned application used for educational purposes and visible in the code of the company’s website, according to the report.
The documents also cited a host of other embarrassing issues: recording children’s voices, blurring sensitive YouTube videos, and exposing people’s addresses stored in Waze.
The report comes just days after Google suffered the ‘mother of all leaks’ after 2,500 documents exposed how its algorithm decides what users see.
An issue with the Android keyboard meant that when children opened the YouTube Kids app, Google inadvertently recorded their audio as part of the launch.
Incident data was shared by 404 Mediawho claimed to have obtained the leaked documents through an anonymous source who did not provide his name or real identity.
DailyMail.com has not been able to independently verify the documents, but 404 reported that it confirmed the data was legitimate and said Google confirmed some of the contents.
However, Google refuted the leaked documents, saying they were quickly resolved and are no longer relevant because the reports are from six years ago.
“Google employees can quickly flag potential issues with the product for review by relevant teams,” a Google spokesperson told DailyMail.com.
“The reports obtained by 404 are from more than six years ago and…each was reviewed and resolved at that time,” the spokesperson continued.
“In some cases, these employee flags turned out not to be problems at all or were problems that employees encountered on third-party services.”
But the 404 Media report cited an incident with Google-owned Socratic.org, a learning app for high school and college students.
Employees allegedly claimed that the app exposed email addresses of more than a million users.
Those affected also included children, and the report said: “This exposure has been addressed as part of the final conditions of this acquisition.” However, the data was exposed for more than 1 year and could have already been collected.
And the information could be seen on the source page of Socratic’s website, 404 Media claimed.
The leaked documents also allegedly showed that Google’s voice service recorded approximately 1,000 children’s audio data for about an hour.
The Google Assistant feature that was supposed to prevent the YouTube Kids app and other features from collecting your voices was not implemented correctly, 404 Media reported.
Kids YouTube is a version of the app for kids that only allows young users to watch age-appropriate content, including shows and music.
It uses voice recognition technology to allow users to make spoken requests to search for content, but an issue reportedly arose when children opened the YouTube Kids app using their voice and Google inadvertently recorded their audio.
Google claimed to have fixed the issue immediately after it was reported.
The tech giant also said it has since added a privacy notice to its Google Assistant. website warning parents that if the ‘include voice and audio activity’ option is activated when using the device, ‘a recording of your interaction, as well as a few seconds before, may be stored in your account.’
Google’s Waze carpool feature reportedly leaked users’ addresses and travel information, although the exact number of people affected was not immediately clear.
Waze’s ride-sharing feature was also mentioned in leaked documents that claimed the app leaked users’ addresses and trip information, although the exact number of people affected was not immediately clear.
Waze carpool, which allowed users to connect with drivers taking other passengers to similar destinations, launched in 2016 but was shut down in 2022 as more people worked from home.
In another incident, the report claimed that videos uploaded to YouTube that were listed as private appeared publicly and that the app’s blur feature was disabled, creating uncensored versions of the images.
Meanwhile, Google’s Street View allegedly transcribed and stored the license plate numbers that appeared in the photographs.
The report explains that the company’s algorithm that detects text in Street View mistakenly recorded the license plate numbers in 2016.
Street View transcribes text using a neural network to identify house numbers and street names.
“Unfortunately, the content of the license plates is also text and, apparently, in many cases has been transcribed,” the employee wrote in the leaked report, according to 404.
“As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate number fragments.”
The employee explained that it was an accident and added that “the system that transcribes these texts should have avoided the images identified by our license plate detectors, but, for reasons still unknown, it did not do so.”
Google has previously been criticized for violating people’s privacy, including a lawsuit filed in New Mexico in 2018 for violating the federal Children’s Online Privacy Protection Act and state consumer protection laws.
The lawsuit claimed that Google allowed game developer Tiny Lab Productions to obtain and collect information about children and, as part of the multimillion-dollar settlement, was required to crack down on developers who mislabeled apps aimed at children to profit from targeted advertising. .
Google said it takes incident reports submitted by employees seriously and investigates the flag based on the severity and priority attributed to it.
The company claimed that many of the incidents reported by 404 did not exist, although it did not specify which incidents, adding that the other vulnerabilities were found on third-party sites, including a provider used for employee travel.
